CVE-2017-16678
 
Severity Score: 4.7 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
Credits: N/A
Timeline
- 2017-11-09 CVE Reserved
- 2017-12-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
References (2)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/102149 | Third Party Advisory | |
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017 | | 2018-01-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Netweaver Knowledge Management Configuration Service | - | - | Affected |
Sap | Epbc | >= 7.00 <= 7.02 | - | Affected |
Sap | Epbc2 | >= 7.00 <= 7.02 | - | Affected |
Sap | Kmc-bc | 7.30 | - | Affected |
Sap | Kmc-bc | 7.31 | - | Affected |
Sap | Kmc-bc | 7.40 | - | Affected |
Sap | Kmc-bc | 7.50 | - | Affected |