Server Side Request Forgery Vulnerability in SAP NetWeaver Products
CVE-2017-16678

4.7MEDIUM

Key Information:

Vendor
SAP
Status
SAP Netweaver Knowledge Management Configuration Service
Vendor
CVE Published:
12 December 2017

Summary

This vulnerability allows an attacker to exploit the SAP NetWeaver Knowledge Management Configuration Service and KMC-BC components by sending specially crafted requests on behalf of the vulnerable application. The flaw can potentially lead to unauthorized access to internal resources, enabling further malicious activities against an organization's infrastructure.

Affected Version(s)

SAP NetWeaver Knowledge Management Configuration Service EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50

References

https://launchpad.support.sap.com/#/notes/2457562
x_refsource_CONFIRM
https://blogs.sap.com/2017/12/12/sap-security-patch-day-d...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102149
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.