SAP CRM and SAP S/4HANA (Interaction Center) Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in SAP CRM and SAP S/4HANA (Interaction Center). This vulnerability allows an attacker with low privileges to access restricted information by sending requests to internal network resources, thereby compromising the application's confidentiality. However, there is no impact on integrity or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal network resources, potentially allowing attackers to retrieve sensitive information or interact with internal services inappropriately.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, where all Security Notes are available. For guidance on how to access and apply these Security Notes, refer to the SAP Security Notes FAQs.