CVE-2024-34689: Server-Side Request Forgery in SE SAP Business Workflow

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.3% (top 48.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 9

Description

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: sap_se/sap_business_workflow (14 versions)
NVD: sap/sap_basis (14 versions)

Vulnerability Details (2)

GHSA (2024-07-09): GHSA-hx7c-3fpv-rgpx: WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially
CVEList (2024-07-09): [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)