Vulnerabilities > CVE-2024-39598 - Server-Side Request Forgery (SSRF) vulnerability in SAP products

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-918

NVD

Published: 2024-07-09

Updated: 2024-08-29

Summary

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Customer Relationship Management Webclient UI 731 SAP Customer Relationship Management Webclient UI 746 SAP Customer Relationship Management Webclient UI 747 SAP Customer Relationship Management Webclient UI 748 SAP Customer Relationship Management Webclient UI 800 SAP Customer Relationship Management Webclient UI 801 SAP Customer Relationship Management Webclient UI 701 SAP Customer Relationship Management S4Fnd 103 SAP Customer Relationship Management S4Fnd 104 SAP Customer Relationship Management S4Fnd 105 SAP Customer Relationship Management S4Fnd 102 SAP Customer Relationship Management S4Fnd 106 SAP Customer Relationship Management S4Fnd 107 SAP Customer Relationship Management S4Fnd 108	14

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References