SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application. | |
Title | Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2024-12-10T00:12:42.296Z
Updated: 2024-12-10T21:28:24.296Z
Reserved: 2024-12-02T11:40:44.769Z
Link: CVE-2024-54197
Vulnrichment
Updated: 2024-12-10T21:28:20.687Z
NVD
Status : Received
Published: 2024-12-10T01:15:06.573
Modified: 2024-12-10T01:15:06.573
Link: CVE-2024-54197
Redhat
No data.