Vulnerability Description
SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that service. The information obtained could be used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. There is no effect on integrity or availability of the application.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | SAPTMUI | 140 |
| SAP | Transportation Management | - |
Related Weaknesses (CWE)
References
- https://me.sap.com/notes/3469958 (Permissions Required)
- https://url.sap/sapsecuritypatchday (Vendor Advisory)
FAQ
What is CVE-2024-37171?
CVE-2024-37171 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the applicatio...
How severe is CVE-2024-37171?
CVE-2024-37171 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-37171?
Check the references section above for vendor advisories and patch information. Affected products include: SAP SAPTMUI, SAP Transportation Management.