← Back

CVE-2017-16678

nvd nist
Published: Dec 12, 2017Modified: May 13, 2026

JSON object

Loading...
4.7
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.2 / Impact: 3.4
Source: NVD

Description

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.

Affected (7)

Sap
4 products
Netweaver Knowledge Management Configuration Service
Epbc
Epbc2
Kmc Bc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Netweaver Knowledge Management Configuration Service
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Epbc
From 7.00 to 7.02
Epbc2
From 7.00 to 7.02
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Kmc Bc
Version 7.30
Kmc Bc
Version 7.31
Kmc Bc
Version 7.40
Kmc Bc
Version 7.50

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

Source: cna@sap.com
Third Party AdvisoryVDB Entry
Source: cna@sap.com
Vendor Advisory
Source: cna@sap.com
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required

Timeline

No history available yet.