← Back

CVE-2024-34689

nvd nist
Published: Jul 9, 2024Modified: Nov 21, 2024

JSON object

Loading...
5.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 / Impact: 1.4
Source: NVD

Description

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Affected (15)

Sap
2 products
Business Workflow
Sap Basis
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Business Workflow
All versions
Sap
Sap Basis
Version 700
Sap Basis
Version 701
Sap Basis
Version 702
Sap Basis
Version 731
Sap Basis
Version 740
Sap Basis
Version 750
Sap Basis
Version 751
Sap Basis
Version 752
Sap Basis
Version 753
Sap Basis
Version 754
Sap Basis
Version 755
Sap Basis
Version 756
Sap Basis
Version 757
Sap Basis
Version 758

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.