SAP · SAP Commerce Cloud · CVE-2020-26811
**Name of the Vulnerable Software and Affected Versions**
SAP Commerce Cloud (Accelerator Payment Mock) versions 1808, 1811, 1905, 2005
**Description**
The issue allows an unauthenticated attacker to submit a crafted request over the network to a particular SAP Commerce module URL, which is processed without further interaction. This leads to a Server-Side Request Forgery (SSRF) attack, potentially allowing the retrieval of limited pieces of information about the service, with no impact on integrity or availability.
**Recommendations**
For versions 1808, 1811, 1905, 2005, consider disabling the vulnerable module until a patch is available.
Restrict access to the SAP Commerce module URL to minimize the risk of exploitation.
Avoid using the vulnerable SAP Commerce module until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.