Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2457562 | Permissions Required |
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Vendor Advisory |
http://www.securityfocus.com/bid/102149 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2017-12-12 06:29
Updated : 2018-01-02 09:42
NVD link : CVE-2017-16678
Mitre link : CVE-2017-16678
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
sap
- kmc-bc
- epbc2
- netweaver_knowledge_management_configuration_service
- epbc