CVE-2024-54197

HIGH EPSS 18.9%

Published Dec 10, 20241y ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published Dec 10, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

CVSS Details

Base Score

7.2

Exploitability

3.9

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

18.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

References 2

me.sap.com https://me.sap.com/notes/3542543
url.sap https://url.sap/sapsecuritypatchday

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.