CVE-2024-54197
HIGH
SAP NetWeaver Administrator(System Overview) >=LM-CORE 7.50 <LM-CORE 7.50 - Authenticated Server-Side Request Forgery
Title source: llmDescription
SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3542543
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
7.2
EPSS
0.0016
EPSS Percentile
37.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
SAP_SE/SAP NetWeaver Administrator(System Overview)
LM-CORE 7.50
Published
Dec 10, 2024
Tracked Since
Feb 18, 2026