CVE-2024-54197

Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)

CVSS 7.2 HIGHEPSS 0.3%CWE-918

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Dec 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected products

SAP_SE · SAP NetWeaver Administrator(System Overview)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://me.sap.com/notes/3542543 https://url.sap/sapsecuritypatchday