SAP CRM ABAP (Insights Management) Vulnerability: Possible Information Disclosure

CVE-2024-41737

5MEDIUM

Key Information

Vendor: SAP
Status: SAP Crm Abap (insights Management)
Vendor: CVE Published:; 13 August 2024

Summary

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Affected Version(s)

SAP CRM ABAP (Insights Management) = BBPCRM 700

SAP CRM ABAP (Insights Management) = 701

SAP CRM ABAP (Insights Management) = 702

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Jul 22, 2024

Collectors

NVD DatabaseMitre Database