CVE-2017-16678

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Knowledge Management Configuration Service versions 7.00 through 7.02 KMC-BC versions 7.30, 7.31, 7.40, 7.50

Description: The issue is related to a Server Side Request Forgery (SSRF) vulnerability that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. This is due to insufficient request checking on the server side, which can be exploited by a remote attacker to control the application using specially formed requests.

Recommendations: For SAP NetWeaver Knowledge Management Configuration Service versions 7.00 through 7.02, update to a version outside of this range to resolve the issue. For KMC-BC versions 7.30, 7.31, 7.40, 7.50, update to a version outside of these ranges to resolve the issue. As a temporary workaround, consider restricting access to the Knowledge Management Configuration Service to minimize the risk of exploitation.