CVE-2024-34689
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
EPSS
Percentile
14.7%
WebFlow Services of SAP Business Workflow allows
an authenticated attacker to enumerate accessible HTTP endpoints in the
internal network by specially crafting HTTP requests. On successful
exploitation this can result in information disclosure. It has no impact on
integrity and availability of the application.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | business_workflow | * | cpe:2.3:a:sap:business_workflow:*:*:*:*:*:*:*:* |
| sap | sap_basis | 700 | cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:* |
| sap | sap_basis | 701 | cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:* |
| sap | sap_basis | 702 | cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:* |
| sap | sap_basis | 731 | cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:* |
| sap | sap_basis | 740 | cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:* |
| sap | sap_basis | 750 | cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:* |
| sap | sap_basis | 751 | cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:* |
| sap | sap_basis | 752 | cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:* |
| sap | sap_basis | 753 | cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
EPSS
Percentile
14.7%