cvelist Sap CVELIST:CVE-2024-41737
History: Aug 13, 2024 - 3:55 a.m.

CVE-2024-41737 Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)

2024-08-13 03:55:04
CWE-918
sap
www.cve.org
6
cve-2024-41737
server-side request forgery
sap crm
insights management
http endpoints enumeration
information disclosure

CVSS3: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS: 0
Percentile: 14.7%

SAP CRM ABAP (Insights Management) allows an authenticated attacker to
enumerate HTTP endpoints in the internal network by specially crafting HTTP
requests. On successful exploitation this can result in information
disclosure. It has no impact on integrity and availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM ABAP (Insights Management)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "BBPCRM 700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "702"
      },
      {
        "status": "affected",
        "version": "712"
      },
      {
        "status": "affected",
        "version": "713"
      },
      {
        "status": "affected",
        "version": "714"
      }
    ]
  }
]
