CVE-2024-27898
Server-Side Request Forgery in SAP NetWeaver
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.
La aplicación SAP NetWeaver, debido a una validación de entrada insuficiente, permite a un atacante enviar una solicitud manipulada desde una aplicación web vulnerable dirigida a sistemas internos detrás de firewalls que normalmente son inaccesibles para un atacante desde la red externa, lo que resulta en una vulnerabilidad Server-Side Request Forgery. Teniendo así un bajo impacto en la confidencialidad.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-02-27 CVE Reserved
- 2024-04-09 CVE Published
- 2024-04-09 EPSS Updated
- 2024-08-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://me.sap.com/notes/3425188 | ||
| https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SAP SE Search vendor "SAP SE" | SAP NetWeaver Search vendor "SAP SE" for product "SAP NetWeaver" | 7.50 Search vendor "SAP SE" for product "SAP NetWeaver" and version "7.50" | en |
Affected
| ||||||