SAP NW DI SSRF vulnerability (CVE-2021-33690)
Description
SAP NetWeaver Development Infrastructure contains a Server-Side Request Forgery (SSRF) vulnerability tracked as CVE-2021-33690. This flaw allows authenticated attackers to force the server to make arbitrary HTTP requests to internal or external systems, potentially bypassing network security controls and accessing resources that should not be directly reachable.
Remediation
Apply the security patches provided by SAP immediately. Refer to SAP Security Note 3007182 for specific patch levels and installation instructions for your SAP NetWeaver Development Infrastructure version.
Mitigation steps:
1. Review and apply the latest SAP security patches from the SAP Support Portal
2. Implement network segmentation to limit the impact of SSRF attacks
3. Configure egress filtering to restrict outbound connections from the SAP server
4. Monitor DNS queries and HTTP requests for suspicious patterns
5. Ensure that only necessary users have authenticated access to the Development Infrastructure component
If immediate patching is not possible, consider temporarily restricting access to the vulnerable component until patches can be applied.