CVE-2024-39598: [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
First published: Tue Jul 09 2024(Updated: )
SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Customer Relationship Management S4fnd | =102 | |
| Sap Customer Relationship Management S4fnd | =103 | |
| Sap Customer Relationship Management S4fnd | =104 | |
| Sap Customer Relationship Management S4fnd | =105 | |
| Sap Customer Relationship Management S4fnd | =106 | |
| Sap Customer Relationship Management S4fnd | =107 | |
| Sap Customer Relationship Management S4fnd | =108 | |
| Sap Customer Relationship Management Webclient Ui | =701 | |
| Sap Customer Relationship Management Webclient Ui | =731 | |
| Sap Customer Relationship Management Webclient Ui | =746 | |
| Sap Customer Relationship Management Webclient Ui | =747 | |
| Sap Customer Relationship Management Webclient Ui | =748 | |
| Sap Customer Relationship Management Webclient Ui | =800 | |
| Sap Customer Relationship Management Webclient Ui | =801 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39598?
CVE-2024-39598 is classified as a moderate severity vulnerability.
How do I fix CVE-2024-39598?
To fix CVE-2024-39598, ensure you apply the latest security patches provided by SAP for the affected versions.
What are the potential impacts of CVE-2024-39598?
Successful exploitation of CVE-2024-39598 can lead to information disclosure by allowing attackers to enumerate accessible HTTP endpoints.
Which versions of SAP are affected by CVE-2024-39598?
CVE-2024-39598 affects specific versions of SAP Customer Relationship Management S4FND and WebClient UI, including versions 102 through 108 and 701 through 801.
What types of attackers can exploit CVE-2024-39598?
CVE-2024-39598 can be exploited by authenticated attackers who can craft specific HTTP requests.
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/sap
- canonical/sap customer relationship management s4fnd
- version/sap customer relationship management s4fnd/102
- version/sap customer relationship management s4fnd/103
- version/sap customer relationship management s4fnd/104
- version/sap customer relationship management s4fnd/105
- version/sap customer relationship management s4fnd/106
- version/sap customer relationship management s4fnd/107
- version/sap customer relationship management s4fnd/108
- canonical/sap customer relationship management webclient ui
- version/sap customer relationship management webclient ui/701
- version/sap customer relationship management webclient ui/731
- version/sap customer relationship management webclient ui/746
- version/sap customer relationship management webclient ui/747
- version/sap customer relationship management webclient ui/748
- version/sap customer relationship management webclient ui/800
- version/sap customer relationship management webclient ui/801