Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-54197— Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)

CVSS 7.2 · High EPSS 0.16% · P37
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-54197

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP NetWeaver Administrator 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP NetWeaver Administrator(SAP NWA)是德国思爱普(SAP)公司的一个基于 Web 的框架工具,用于管理、配置和监控。 SAP NetWeaver Administrator存在代码问题漏洞,该漏洞源于允许经过身份验证的攻击者通过特制的 HTTP 请求枚举内部网络中可访问的 HTTP 端点,容易受到服务端请求伪造攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SAP_SESAP NetWeaver Administrator(System Overview) LM-CORE 7.50 -

II. Public POCs for CVE-2024-54197

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-54197

登录查看更多情报信息。

Same Patch Batch · SAP_SE · 2024-12-10 · 11 CVEs total

CVE-2024-475789.1 CRITICALMultiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
CVE-2024-541988.5 HIGHInformation Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver A
CVE-2024-475806.8 MEDIUMMultiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
CVE-2024-475796.8 MEDIUMMultiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
CVE-2024-475825.3 MEDIUMXML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
CVE-2024-327325.3 MEDIUMInformation Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
CVE-2024-475854.3 MEDIUMMissing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-475814.3 MEDIUMMissing Authorization check in SAP HCM (Approve Timesheets version 4)
CVE-2024-475763.3 LOWDLL Hijacking vulnerability in SAP Product Lifecycle Costing
CVE-2024-475772.7 LOWInformation Disclosure vulnerability in SAP Commerce Cloud

IV. Related Vulnerabilities

Same vendor: SAP_SE
Same weakness: CWE-918

V. Comments for CVE-2024-54197

No comments yet

Leave a comment