Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)
Vulnerability Description
SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
SAP NetWeaver Administrator 代码问题漏洞
Vulnerability Description
SAP NetWeaver Administrator(SAP NWA)是德国思爱普(SAP)公司的一个基于 Web 的框架工具,用于管理、配置和监控。 SAP NetWeaver Administrator存在代码问题漏洞,该漏洞源于允许经过身份验证的攻击者通过特制的 HTTP 请求枚举内部网络中可访问的 HTTP 端点,容易受到服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A