SAP NetWeaver Administrator Vulnerability Allows HTTP Endpoint Enumeration and SSRF Attacks
CVE-2024-54197
7.2HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 10 December 2024
What is CVE-2024-54197?
The vulnerability in SAP NetWeaver Administrator allows an authenticated attacker to perform HTTP endpoint enumeration within the internal network by crafting specific HTTP requests. This exploitation could lead to Server-Side Request Forgery (SSRF), potentially compromising data confidentiality and integrity. The vulnerability does not affect the application's availability, but the resultant SSRF could allow attackers to interact with internal services, increasing the risk of broader network exploitation. Early mitigation is crucial to safeguard sensitive data and prevent unauthorized access.
Affected Version(s)
SAP NetWeaver Administrator(System Overview) LM-CORE 7.50