WebFlow Services of SAP Business Workflow allows
an authenticated attacker to enumerate accessible HTTP endpoints in the
internal network by specially crafting HTTP requests. On successful
exploitation this can result in information disclosure. It has no impact on
integrity and availability of the application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3458789 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Sep 2024, 15:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap
Sap business Workflow Sap sap Basis |
|
References | () https://me.sap.com/notes/3458789 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
CPE | cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:* cpe:2.3:a:sap:business_workflow:*:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:* cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:* |
09 Jul 2024, 18:19
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Jul 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-09 05:15
Updated : 2024-09-09 15:31
NVD link : CVE-2024-34689
Mitre link : CVE-2024-34689
CVE.ORG link : CVE-2024-34689
JSON object : View
Products Affected
sap
- business_workflow
- sap_basis
CWE
CWE-918
Server-Side Request Forgery (SSRF)