PT-2023-5868 · SAP · SAP NetWeaver AS Java

Published: 2023-10-09 · Updated: 2023-10-16 · CVE-2023-42477

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java (GRMG Heartbeat application) version 7.50

Description: The issue is related to insufficient validation of incoming requests in the Generic Request and Message Generator (GRMG)/Heartbeat service of the SAP NetWeaver AS for Java platform. This can allow a remote attacker to perform a Server-Side Request Forgery (SSRF) attack, potentially causing limited impact on the confidentiality and integrity of the application.

Recommendations: For version 7.50, consider implementing additional validation for incoming requests to the GRMG Heartbeat application to prevent SSRF attacks. As a temporary workaround, restrict access to the vulnerable GRMG/Heartbeat service until a patch is available.

Fix

Weakness Enumeration: SSRF

Related Identifiers: BDU:2023-06561, CVE-2023-42477

Affected Products: SAP NetWeaver AS Java