CVE-2024-34689
5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 700 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 701 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 702 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 731 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 740 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 750 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 751 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 752 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 753 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 754 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 755 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 756 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 757 | affected |
| SAP_SE | SAP Business Workflow (WebFlow Services) | SAP_BASIS 758 | affected |
Weaknesses
- CWE-918: CWE-918: Server-Side Request Forgery
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.