Vulnerabilities > CVE-2024-34689 - Server-Side Request Forgery (SSRF) vulnerability in SAP Business Workflow and SAP Basis

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-918

NVD

Published: 2024-07-09

Updated: 2024-09-09

Summary

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Business Workflow * SAP SAP Basis 700 SAP SAP Basis 701 SAP SAP Basis 702 SAP SAP Basis 731 SAP SAP Basis 740 SAP SAP Basis 750 SAP SAP Basis 751 SAP SAP Basis 752 SAP SAP Basis 753 SAP SAP Basis 754 SAP SAP Basis 755 SAP SAP Basis 756 SAP SAP Basis 757 SAP SAP Basis 758	15

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References