CVE-2017-16678

Name: CVE-2017-16678
Creator: NVD / NIST
Published: 2017-12-12T14:29:00.187+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.87%

Last modified Jun 17, 2026

CVE-2017-16678 is a vulnerability of currently unknown severity. Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.. EPSS estimates a 0.87% chance of exploitation in the next 30 days.

Description

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.

Metrics

EPSS Probability

0.87%

54.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-918

Affected Software

Vendor	Product	Versions
Sap	Netweaver Knowledge Management Configuration Service	All versions
Sap	Epbc	>= 7.00, <= 7.02
Sap	Epbc2	>= 7.00, <= 7.02
Sap	Kmc-Bc	7.30
Sap	Kmc-Bc	7.31
Sap	Kmc-Bc	7.40
Sap	Kmc-Bc	7.50

References

http://www.securityfocus.com/bid/102149Third Party Advisory, VDB Entry
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/Vendor Advisory
https://launchpad.support.sap.com/#/notes/2457562Permissions Required
http://www.securityfocus.com/bid/102149Third Party Advisory, VDB Entry
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/Vendor Advisory
https://launchpad.support.sap.com/#/notes/2457562Permissions Required

Timeline

Published: Dec 12, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-16678?

How severe is CVE-2017-16678?

Severity scoring for CVE-2017-16678 is pending analysis. The EPSS model estimates a 0.87% probability of exploitation in the next 30 days.

How do I fix CVE-2017-16678?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-16678?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST