CVE-2024-34689

EPSS 0.18%
Published 09.07.2024 05:15:10
Last modified 21.11.2024 09:19:12
Source cna@sap.com
Teams watchlist Login
Open Login

WebFlow Services of SAP Business Workflow allows
an authenticated attacker to enumerate accessible HTTP endpoints in the
internal network by specially crafting HTTP requests. On successful
exploitation this can result in information disclosure. It has no impact on
integrity and availability of the application.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Business Workflow

SAP ≫ Sap Basis Version700

SAP ≫ Sap Basis Version701

SAP ≫ Sap Basis Version702

SAP ≫ Sap Basis Version731

SAP ≫ Sap Basis Version740

SAP ≫ Sap Basis Version750

SAP ≫ Sap Basis Version751

SAP ≫ Sap Basis Version752

SAP ≫ Sap Basis Version753

SAP ≫ Sap Basis Version754

SAP ≫ Sap Basis Version755

SAP ≫ Sap Basis Version756

SAP ≫ Sap Basis Version757

SAP ≫ Sap Basis Version758

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.396

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
cna@sap.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://url.sap/sapsecuritypatchday

Vendor Advisory

https://me.sap.com/notes/3458789

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-34689

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34689

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34689

EUVD