How severe is CVE-2024-37171?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2024-37171?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-37171 - MEDIUM Severity | CVSS 5

Vulnerability Description

SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that service. The information obtained could be used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. There is no effect on integrity or availability of the application.

Related Vulnerabilities

CVE-2018-20497

MEDIUM

CVSS:5.0(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

CWE-9182018

CVE-2019-1679

MEDIUM

CVSS:5.0(Medium)

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote att...

CWE-9182019

CVE-2019-18846

MEDIUM

CVSS:5.0(Medium)

OX App Suite through 7.10.2 allows SSRF.

CWE-9182019

CVE-2020-12644

MEDIUM

CVSS:5.0(Medium)

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.

CWE-9182020

CVE-2020-15002

MEDIUM

CVSS:5.0(Medium)

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

CWE-9182020

CVE-2020-36232

MEDIUM

CVSS:5.0(Medium)

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5...

CWE-9182020