CVE-2024-54197 | THREATINT

Description

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

PUBLISHED Reserved 2024-12-02 | Published 2024-12-10 | Updated 2024-12-10 | Assigner sap

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-918: Server-Side Request Forgery (SSRF)

Product status

Default status

unaffected

LM-CORE 7.50

affected

References

me.sap.com/notes/3542543

url.sap/sapsecuritypatchday

cve.org (CVE-2024-54197)

nvd.nist.gov (CVE-2024-54197)

Download JSON