First published: Tue Aug 13 2024
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP CRM ABAP Insights Management | =bbpcrm_700 | |
SAP CRM ABAP Insights Management | =bbpcrm_701 | |
SAP CRM ABAP Insights Management | =bbpcrm_702 | |
SAP CRM ABAP Insights Management | =bbpcrm_712 | |
SAP CRM ABAP Insights Management | =bbpcrm_713 | |
SAP CRM ABAP Insights Management | =bbpcrm_714 | |
CVE-2024-41737 has a moderate severity level due to the potential for information disclosure.
To fix CVE-2024-41737, apply the latest security patches provided by SAP for affected versions of SAP CRM ABAP.
CVE-2024-41737 affects multiple versions of SAP CRM ABAP Insights Management, including bbpcrm_700 to bbpcrm_714.
CVE-2024-41737 allows authenticated attackers to enumerate HTTP endpoints within the internal network.
Exploiting CVE-2024-41737 can lead to information disclosure but does not affect the integrity or availability of the application.