The vulnerabilities of the software components—Knowledge Management Configuration Service, EPBC, and EPBC2 on the SAP NetWeaver platform—allow attackers to control the application.

🗓️ 28 Jan 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Vulnerabilities in management configuration service and enterprise components enable attackers to control the app.

Reporter	Title	Published	Views	Family All 8
CNVD	SAP Netweaver Server-Side Request Forgery Vulnerability	15 Dec 201700:00	–	cnvd
CVE	CVE-2017-16678	12 Dec 201714:00	–	cve
Cvelist	CVE-2017-16678	12 Dec 201714:00	–	cvelist
EUVD	EUVD-2017-7862	7 Oct 202500:30	–	euvd
NVD	CVE-2017-16678	12 Dec 201714:29	–	nvd
OSV	CVE-2017-16678	12 Dec 201714:29	–	osv
Prion	Server side request forgery (ssrf)	12 Dec 201714:29	–	prion
Positive Technologies	PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service	16 Mar 201700:00	–	ptsecurity

Vulners

Node

sap sap_netweaver_knowledge_management_configuration_serviceMatch7

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-16678
ptsecurity	www.ptsecurity.com/ru-ru/research/threatscape/pt-2018-41/
launchpad	www.launchpad.support.sap.com/
securityfocus	www.securityfocus.com/bid/102149
web	www.web.nvd.nist.gov/view/vuln/detail
securityfocus	www.securityfocus.com/bid/102149
securitylab	www.securitylab.ru/lab/PT-2018-41

23 Mar 2021 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 25.8

CVSS 36.6

EPSS0.0087

management configuration enterprise components netweaver platform server requests