2025-09-29 21:09:30 +02:00
### [CVE-2024-41737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41737)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20CRM%20ABAP%20(Insights%20Management)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=701%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=702%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=712%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=713%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=714%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=BBPCRM%20700%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery&color=brightgreen)
### Description
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds