SAP CRM Vulnerability: Authenticated Attacker can Enumerate Accessible HTTP Endpoints
CVE-2024-39598
7.7HIGH
What is CVE-2024-39598?
The SAP CRM WebClient UI Framework is susceptible to a vulnerability that allows authenticated attackers to craft specific HTTP requests. By exploiting this flaw, attackers can enumerate the HTTP endpoints available within the internal network. Although this vulnerability does not affect the integrity or availability of the application, it poses a significant risk of information disclosure. Organizations utilizing this product should prioritize mitigating this vulnerability to protect sensitive information from unauthorized access.
Affected Version(s)
SAP CRM WebClient UI S4FND 102
SAP CRM WebClient UI S4FND 103
SAP CRM WebClient UI S4FND 104