CVE-2024-54197: Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)

7.2 CVSS

Description

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

Classification

CVE ID: CVE-2024-54197

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

Affected Products

Vendor: SAP_SE

Product: SAP NetWeaver Administrator(System Overview)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://me.sap.com/notes/3542543
https://url.sap/sapsecuritypatchday

Timeline

2024-12-11 00:31:08 UTC
CVE

Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)