CWE
918
Advisory Published
Updated

CVE-2024-41737: Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)

First published: Tue Aug 13 2024(Updated: )

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Credit: cna@sap.com

Affected SoftwareAffected VersionHow to fix
Sap Crm Abap Insights Management=bbpcrm_700
Sap Crm Abap Insights Management=bbpcrm_701
Sap Crm Abap Insights Management=bbpcrm_702
Sap Crm Abap Insights Management=bbpcrm_712
Sap Crm Abap Insights Management=bbpcrm_713
Sap Crm Abap Insights Management=bbpcrm_714

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2024-41737?

    CVE-2024-41737 has a moderate severity level due to the potential for information disclosure.

  • How do I fix CVE-2024-41737?

    To fix CVE-2024-41737, apply the latest security patches provided by SAP for affected versions of SAP CRM ABAP.

  • What versions are affected by CVE-2024-41737?

    CVE-2024-41737 affects multiple versions of SAP CRM ABAP Insights Management, including bbpcrm_700 to bbpcrm_714.

  • What type of attack does CVE-2024-41737 facilitate?

    CVE-2024-41737 allows authenticated attackers to enumerate HTTP endpoints within the internal network.

  • What are the consequences of exploiting CVE-2024-41737?

    Exploiting CVE-2024-41737 can lead to information disclosure but does not affect the integrity or availability of the application.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203