CVE-2021-33705

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Portal versions 7.10 through 7.50

Description: The issue allows an unauthenticated attacker to craft a malicious URL which, when clicked by a user, can make any type of request (e.g., POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.

Recommendations: For SAP NetWeaver Portal versions 7.10 through 7.50, consider disabling the Iviews Editor component until a patch is available to prevent exploitation of the Server-Side Request Forgery (SSRF) vulnerability. Restrict access to internal and external servers to minimize the risk of data access or modification. Avoid using malicious URLs that can trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.