cve/2024/CVE-2024-39598.md
2025-09-29 21:09:30 +02:00

### [CVE-2024-39598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39598)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20CRM%20WebClient%20UI&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20102%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20103%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20104%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20105%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20106%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20107%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=S4FND%20108%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20701%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20731%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20746%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20747%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20748%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20800%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=WEBCUIF%20801%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery&color=brightgreen)
### Description
SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds