CVE-2024-39598

Severity
7.7 HIGH
EPSS
0.4%
top 36.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 9

Description

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 | Impact: 1.4

Affected Packages
3 packages

Vulnerability Details
2 entries

GHSA
GHSA-v2gf-qrv9-w74g: SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting
2024-07-09

CVEList
[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
2024-07-09