SAP NetWeaver Administrator (System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation, this can result in Server-Side Request Forgery (SSRF), which could have a low impact on the integrity and confidentiality of data. It has no impact on availability of the application.
History

Tue, 10 Dec 2024 22:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 10 Dec 2024 00:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | SAP NetWeaver Administrator (System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application. |
| Title | | Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) |
| Weaknesses | | CWE-918 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-12-10T00:12:42.296Z

Updated: 2024-12-10T21:28:24.296Z

Reserved: 2024-12-02T11:40:44.769Z

Link: CVE-2024-54197

Vulnrichment

Updated: 2024-12-10T21:28:20.687Z

NVD

Status: Received

Published: 2024-12-10T01:15:06.573

Modified: 2024-12-10T01:15:06.573

Link: CVE-2024-54197

Red Hat

No data.