What is the severity of CVE-2024-41737?

CVE-2024-41737 has a moderate severity level due to the potential for information disclosure.

How do I fix CVE-2024-41737?

To fix CVE-2024-41737, apply the latest security patches provided by SAP for affected versions of SAP CRM ABAP.

What versions are affected by CVE-2024-41737?

CVE-2024-41737 affects multiple versions of SAP CRM ABAP Insights Management, including bbpcrm_700 to bbpcrm_714.

What type of attack does CVE-2024-41737 facilitate?

CVE-2024-41737 allows authenticated attackers to enumerate HTTP endpoints within the internal network.

What are the consequences of exploiting CVE-2024-41737?

Exploiting CVE-2024-41737 can lead to information disclosure but does not affect the integrity or availability of the application.

Vulnerability/
CVE-2024-41737

medium

CWE

918

13/8/2024

12/9/2024

CVE-2024-41737: Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)

First published: Tue Aug 13 2024(Updated: )

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
Sap Crm Abap Insights Management	=bbpcrm_700
Sap Crm Abap Insights Management	=bbpcrm_701
Sap Crm Abap Insights Management	=bbpcrm_702
Sap Crm Abap Insights Management	=bbpcrm_712
Sap Crm Abap Insights Management	=bbpcrm_713
Sap Crm Abap Insights Management	=bbpcrm_714

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-41737?
CVE-2024-41737 has a moderate severity level due to the potential for information disclosure.
How do I fix CVE-2024-41737?
To fix CVE-2024-41737, apply the latest security patches provided by SAP for affected versions of SAP CRM ABAP.
What versions are affected by CVE-2024-41737?
CVE-2024-41737 affects multiple versions of SAP CRM ABAP Insights Management, including bbpcrm_700 to bbpcrm_714.
What type of attack does CVE-2024-41737 facilitate?
CVE-2024-41737 allows authenticated attackers to enumerate HTTP endpoints within the internal network.
What are the consequences of exploiting CVE-2024-41737?
Exploiting CVE-2024-41737 can lead to information disclosure but does not affect the integrity or availability of the application.

agent/title
agent/weakness
agent/references
agent/first-publish-date
agent/description
agent/type
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
agent/source
vendor/sap
canonical/sap crm abap insights management
version/sap crm abap insights management/bbpcrm_700
version/sap crm abap insights management/bbpcrm_701
version/sap crm abap insights management/bbpcrm_702
version/sap crm abap insights management/bbpcrm_712
version/sap crm abap insights management/bbpcrm_713
version/sap crm abap insights management/bbpcrm_714

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.