Description
SAP BO BIP allows an unauthenticated attacker to send arbitrary values as CMS parameters, causing the server to perform lookups on the internal network, which is otherwise not accessible externally. An attacker may use this feature to perform server-side request forgery (SSRF) attacks on the server.
Remediation
Upgrade to the latest version of SAP BO BIP.