History: Aug 13, 2024 - 4:15 a.m.

CVE-2024-41737

2024-08-13 04:15:10
CWE-918
sap
web.nvd.nist.gov
23
cve-2024-41737
authenticated attacker
http requests
information disclosure
integrity
availability

CVSS3: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score: 4.8
Confidence: High

EPSS: 0
Percentile: 14.7%

SAP CRM ABAP (Insights Management) allows an authenticated attacker to
enumerate HTTP endpoints in the internal network by specially crafting HTTP
requests. On successful exploitation this can result in information
disclosure. It has no impact on integrity and availability of the application.

Affected configurations

Nvd

Node
sap crm_abap_insights_management Match bbpcrm_700
OR
sap crm_abap_insights_management Match bbpcrm_701
OR
sap crm_abap_insights_management Match bbpcrm_702
OR
sap crm_abap_insights_management Match bbpcrm_712
OR
sap crm_abap_insights_management Match bbpcrm_713
OR
sap crm_abap_insights_management Match bbpcrm_714

Vendor | Product | Version | CPE
sap | crm_abap_insights_management | bbpcrm_700 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_700:*:*:*:*:*:*:*
sap | crm_abap_insights_management | bbpcrm_701 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_701:*:*:*:*:*:*:*
sap | crm_abap_insights_management | bbpcrm_702 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_702:*:*:*:*:*:*:*
sap | crm_abap_insights_management | bbpcrm_712 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_712:*:*:*:*:*:*:*
sap | crm_abap_insights_management | bbpcrm_713 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_713:*:*:*:*:*:*:*
sap | crm_abap_insights_management | bbpcrm_714 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_714:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM ABAP (Insights Management)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "BBPCRM 700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "702"
      },
      {
        "status": "affected",
        "version": "712"
      },
      {
        "status": "affected",
        "version": "713"
      },
      {
        "status": "affected",
        "version": "714"
      }
    ]
  }
]
