CVE-2024-41737

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-41737
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

5.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://me.sap.com/notes/3487537 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_701:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_712:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_713:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_714:*:*:*:*:*:*:*
History

12 Sep 2024, 13:49

Type Values Removed Values Added
Summary
  • (es) SAP CRM ABAP (Insights Management) permite a un atacante autenticado enumerar endpoints HTTP en la red interna mediante la elaboración especial de solicitudes HTTP. Si se explota con éxito, esto puede dar lugar a la divulgación de información. No tiene ningún impacto en la integridad y disponibilidad de la aplicación.
References () https://me.sap.com/notes/3487537 - () https://me.sap.com/notes/3487537 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_714:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_712:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_701:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_713:*:*:*:*:*:*:*
cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_702:*:*:*:*:*:*:*
First Time Sap crm Abap Insights Management
Sap

13 Aug 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:49

NVD link : CVE-2024-41737

Mitre link : CVE-2024-41737

CVE.ORG link : CVE-2024-41737

JSON object : View

Products Affected

sap

  • crm_abap_insights_management
CWE
CWE-918

Server-Side Request Forgery (SSRF)