SAP NetWeaver Application Server for ABAP Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in SAP NetWeaver Application Server for ABAP. The issue arises from an ABAP report that allows HTTP requests to be sent to arbitrary internal or external endpoints. Successful exploitation could enable interaction with sensitive internal endpoints, posing a low risk to data confidentiality and integrity and having no impact on the application's availability.

Impact

Exploitation of this vulnerability could lead to unauthorized interaction with internal endpoints, potentially allowing access to sensitive information or resources.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of security updates and patches. For SAP NetWeaver based products, security fixes are also delivered with support packages.

Added: Mar 10, 2026, 5:43 PM
Updated: Mar 10, 2026, 5:43 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 0.6
exploitability: 4.7
remediation: 0.0
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.