CVE-2024-41737

Summary

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP CRM ABAP (Insights Management)BBPCRM 700affected
SAP_SESAP CRM ABAP (Insights Management)701affected
SAP_SESAP CRM ABAP (Insights Management)702affected
SAP_SESAP CRM ABAP (Insights Management)712affected
SAP_SESAP CRM ABAP (Insights Management)713affected
SAP_SESAP CRM ABAP (Insights Management)714affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References