CVE-2024-54197 HIGH

CVE-2024-54197: Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)

Vendor Sap_Se
Product SAP NetWeaver Administrator(System Overview)
Weakness CWE-918 · SSRF
Published December 10, 2024
Last update December 10, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

Key dates

02Disclosure timeline

December 10, 2024 CVE published
December 10, 2024 Record updated