CVE-2024-37171

5.0 MEDIUM

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in SAP Transportation Management (Collaboration Portal) allows authenticated non-administrative users to send crafted requests that force the application to make requests to internal services. This could reveal information about internal systems behind firewalls that are normally inaccessible from external networks. Organizations running vulnerable versions of SAP TM Collaboration Portal are affected.

💻 Affected Systems

Products:
  • SAP Transportation Management (Collaboration Portal)
Versions: Specific versions not detailed in CVE; check SAP Note 3469958
Operating Systems: Any OS running SAP TM Collaboration Portal
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated non-admin user access to the Collaboration Portal web application.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could map internal network infrastructure, discover sensitive internal services, and potentially use discovered services as pivot points for further attacks on internal systems.

🟠

Likely Case

Information disclosure about internal services and network architecture, enabling attackers to gather intelligence for targeted attacks.

🟢

If Mitigated

Limited information disclosure with proper network segmentation and access controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and knowledge of crafting specific requests. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check SAP Notes 3469958 for specific patch information

Vendor Advisory: https://me.sap.com/notes/3469958

Restart Required: Yes

Instructions:

1. Review SAP Security Note 3469958
2. Apply the relevant SAP patch for your SAP TM Collaboration Portal version
3. Restart the application server
4. Verify the fix by testing the SSRF vulnerability

🔧 Temporary Workarounds

Network Segmentation

all

Restrict outbound network access from SAP TM Collaboration Portal servers to only necessary internal services.

Access Control Review

all

Review and restrict non-administrative user privileges to minimize attack surface.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit the SAP TM server's ability to reach internal services
  • Monitor for unusual outbound requests from the SAP TM Collaboration Portal application

🔍 How to Verify

Check if Vulnerable:

Check if your SAP TM Collaboration Portal version matches affected versions in SAP Note 3469958

Check Version:

Check SAP system information via transaction code SM51 or system status

Verify Fix Applied:

After patching, attempt to reproduce the SSRF condition using authenticated non-admin access

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from SAP TM Collaboration Portal to internal IP ranges
  • Multiple failed connection attempts to internal services

Network Indicators:

  • HTTP requests from SAP TM server to unexpected internal destinations
  • Port scanning activity originating from SAP TM server

SIEM Query:

source_ip="SAP_TM_SERVER_IP" AND (dest_ip=PRIVATE_IP_RANGE OR dest_port=SCAN_PORTS)
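As an added example that is not part of this advisory, the SIEM query above can be expressed as a small offline check over egress-log lines: flag any connection from the SAP TM host to a private, loopback or link-local destination that is not a known back-end dependency, and flag a scan-like pattern when several such internal destinations are refused. The server address, the allow-list, the log format and the threshold are assumptions; the log lines are constructed.

```python
import ipaddress

# Constructed egress-log sample (not from the advisory). Fields: src_ip dst_ip dst_port status
SAMPLE_LOG = """\
10.10.5.20 203.0.113.8 443 200
10.10.5.20 10.0.0.15 8080 200
10.10.5.20 10.0.0.15 22 refused
10.10.5.20 10.0.0.15 3389 refused
10.10.5.20 10.0.0.16 8080 refused
10.10.5.20 169.254.169.254 80 200
10.10.5.21 10.0.0.15 8080 200
"""

SAP_TM_SERVER_IP = "10.10.5.20"           # assumed address of the Collaboration Portal host
ALLOWED_INTERNAL = {("10.0.0.15", 8080)}  # assumed legitimate back-end dependency (dst, port)
SCAN_THRESHOLD = 3                        # distinct refused internal dst:port pairs before flagging

# Explicit RFC 1918, loopback and link-local ranges (stable across Python versions,
# unlike ip_address(...).is_private, which also covers documentation ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_line(line):
    """Split one 'src dst port status' record into a dict."""
    src, dst, port, status = line.split()
    return {"src": src, "dst": dst, "port": int(port), "status": status}


def is_internal(ip):
    """True when the destination lies in a private, loopback or link-local range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze(log_text, server_ip=SAP_TM_SERVER_IP, allowed=ALLOWED_INTERNAL):
    """Return (unexpected_internal_pairs, scan_like) for traffic sourced from server_ip."""
    unexpected = []   # internal (dst, port) pairs outside the allow-list, in log order
    refused = set()   # distinct internal pairs that did not succeed
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        e = parse_line(raw)
        if e["src"] != server_ip or not is_internal(e["dst"]):
            continue  # other hosts and external destinations are out of scope here
        pair = (e["dst"], e["port"])
        if pair not in allowed:
            unexpected.append(pair)
        if e["status"] != "200":
            refused.add(pair)
    return unexpected, len(refused) >= SCAN_THRESHOLD
```

Each flagged pair is a candidate for the "unexpected internal destination" indicator above; the scan flag corresponds to the "multiple failed connection attempts" indicator and should be tuned to the environment's normal failure rate.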

🔗 References
