Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-39598

SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Published

2024-07-09T04:15:14.860

Last Modified

2024-11-21T09:28:05.417

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	customer_relationship_management_s4fnd	102	Yes
Application	sap	customer_relationship_management_s4fnd	103	Yes
Application	sap	customer_relationship_management_s4fnd	104	Yes
Application	sap	customer_relationship_management_s4fnd	105	Yes
Application	sap	customer_relationship_management_s4fnd	106	Yes
Application	sap	customer_relationship_management_s4fnd	107	Yes
Application	sap	customer_relationship_management_s4fnd	108	Yes
Application	sap	customer_relationship_management_webclient_ui	701	Yes
Application	sap	customer_relationship_management_webclient_ui	731	Yes
Application	sap	customer_relationship_management_webclient_ui	746	Yes
Application	sap	customer_relationship_management_webclient_ui	747	Yes
Application	sap	customer_relationship_management_webclient_ui	748	Yes
Application	sap	customer_relationship_management_webclient_ui	800	Yes
Application	sap	customer_relationship_management_webclient_ui	801	Yes

References

https://me.sap.com/notes/3467377 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Vendor Advisory ([email protected])
https://me.sap.com/notes/3467377 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://url.sap/sapsecuritypatchday Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)