Vulnerabilities > CVE-2024-41737 - Server-Side Request Forgery (SSRF) vulnerability in SAP CRM Abap Insights Management

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-918

NVD

Published: 2024-08-13

Updated: 2024-09-12

Summary

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP CRM Abap Insights Management Bbpcrm_700 SAP CRM Abap Insights Management Bbpcrm_701 SAP CRM Abap Insights Management Bbpcrm_702 SAP CRM Abap Insights Management Bbpcrm_712 SAP CRM Abap Insights Management Bbpcrm_713 SAP CRM Abap Insights Management Bbpcrm_714	6

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References