CVE-2024-37171

Name of the Vulnerable Software and Affected Versions: SAP Transportation Management (Collaboration Portal) (affected versions not specified)

Description: The issue allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application, triggering the application handler to send a request to an unintended service. This may reveal information about that service, which could be used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. There is no effect on the integrity or availability of the application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.