CVE-2024-34689
MEDIUM
SAP Business Workflow WebFlow - Authenticated Internal Endpoint Enumeration
Title source: manual
Description
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
References (2)
Permissions Required
https://me.sap.com/notes/3458789
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3: 5.0
EPSS: 0.0036
EPSS Percentile: 58.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-918
Status: published
Products (15)
sap/business_workflow
sap/sap_basis 700
sap/sap_basis 701
sap/sap_basis 702
sap/sap_basis 731
sap/sap_basis 740
sap/sap_basis 750
sap/sap_basis 751
sap/sap_basis 752
sap/sap_basis 753
... and 5 more
Published: Jul 09, 2024
Tracked Since: Feb 18, 2026