vulnrichment | Sap | VULNRICHMENT:CVE-2024-41737
History: Aug 13, 2024 - 3:55 a.m.

CVE-2024-41737 Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)

2024-08-13 03:55:04
CWE-918
sap
github.com
sap crm
abap
ssrf
vulnerability
http
enumeration

CVSS3: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score: 6.4
Confidence: Low

EPSS: 0
Percentile: 14.7%

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

SAP CRM ABAP (Insights Management) allows an authenticated attacker to
enumerate HTTP endpoints in the internal network by sending specially crafted
HTTP requests. On successful exploitation, this can result in information
disclosure. It has no impact on the integrity and availability of the
application.

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP CRM ABAP (Insights Management)",
    "versions": [
      {
        "status": "affected",
        "version": "BBPCRM 700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "702"
      },
      {
        "status": "affected",
        "version": "712"
      },
      {
        "status": "affected",
        "version": "713"
      },
      {
        "status": "affected",
        "version": "714"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
