What is the severity of CVE-2024-34689?

CVE-2024-34689 is classified as a medium severity vulnerability.

How do I fix CVE-2024-34689?

To fix CVE-2024-34689, update your SAP Business Workflow to the latest patched version from SAP.

What types of attacks are possible with CVE-2024-34689?

CVE-2024-34689 allows authenticated attackers to enumerate HTTP endpoints, potentially leading to information disclosure.

Which SAP products are affected by CVE-2024-34689?

CVE-2024-34689 affects various versions of SAP Business Workflow and SAP Basis, specifically from versions 700 to 758.

Can CVE-2024-34689 impact system integrity?

CVE-2024-34689 does not impact the integrity or availability of the system, only the confidentiality of information.

Vulnerability/
CVE-2024-34689

medium

CWE

918

9/7/2024

9/9/2024

CVE-2024-34689: [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)

First published: Tue Jul 09 2024(Updated: )

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP Business Workflow
SAP Basis	=700
SAP Basis	=701
SAP Basis	=702
SAP Basis	=731
SAP Basis	=740
SAP Basis	=750
SAP Basis	=751
SAP Basis	=752
SAP Basis	=753
SAP Basis	=754
SAP Basis	=755
SAP Basis	=756
SAP Basis	=757
SAP Basis	=758

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-34689?
CVE-2024-34689 is classified as a medium severity vulnerability.
How do I fix CVE-2024-34689?
To fix CVE-2024-34689, update your SAP Business Workflow to the latest patched version from SAP.
What types of attacks are possible with CVE-2024-34689?
CVE-2024-34689 allows authenticated attackers to enumerate HTTP endpoints, potentially leading to information disclosure.
Which SAP products are affected by CVE-2024-34689?
CVE-2024-34689 affects various versions of SAP Business Workflow and SAP Basis, specifically from versions 700 to 758.
Can CVE-2024-34689 impact system integrity?
CVE-2024-34689 does not impact the integrity or availability of the system, only the confidentiality of information.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sap
canonical/sap business workflow
canonical/sap basis
version/sap basis/700
version/sap basis/701
version/sap basis/702
version/sap basis/731
version/sap basis/740
version/sap basis/750
version/sap basis/751
version/sap basis/752
version/sap basis/753
version/sap basis/754
version/sap basis/755
version/sap basis/756
version/sap basis/757
version/sap basis/758

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.