SAP CRM ABAP (Insights Management) Vulnerability: Possible Information Disclosure
CVE-2024-41737

5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crm Abap (insights Management)
Vendor: CVE Published:; 13 August 2024

Summary

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Affected Version(s)

SAP CRM ABAP (Insights Management) BBPCRM 700

SAP CRM ABAP (Insights Management) 701

SAP CRM ABAP (Insights Management) 702

References

https://me.sap.com/notes/3487537

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jul 22, 2024