Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to SAP_SE - SAP Business Workflow (WebFlow Services)

cve-2024-34689

Vulnerability from cvelistv5

Published

2024-07-09 04:18

Modified

2024-08-02 02:59

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Summary

[CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)

References

▼	URL	Tags
	https://url.sap/sapsecuritypatchday
	https://me.sap.com/notes/3458789

Impacted products

Vendor

Product

Version

▼

SAP_SE

SAP Business Workflow (WebFlow Services)

Version: SAP_BASIS 700
Version: SAP_BASIS 701
Version: SAP_BASIS 702
Version: SAP_BASIS 731
Version: SAP_BASIS 740
Version: SAP_BASIS 750
Version: SAP_BASIS 751
Version: SAP_BASIS 752
Version: SAP_BASIS 753
Version: SAP_BASIS 754
Version: SAP_BASIS 755
Version: SAP_BASIS 756
Version: SAP_BASIS 757
Version: SAP_BASIS 758

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sap_se:sap_business_workflow_\\(webflow_services\\):*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sap_business_workflow_\\(webflow_services\\)",
            "vendor": "sap_se",
            "versions": [
              {
                "status": "affected",
                "version": "SAP_BASIS 700"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 701"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 702"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 731"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 740"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 750"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 751"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 752"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 753"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 754"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 755"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 756"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 757"
              },
              {
                "status": "affected",
                "version": "SAP_BASIS 758"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34689",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T14:21:05.637426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T14:38:25.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://url.sap/sapsecuritypatchday"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://me.sap.com/notes/3458789"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP Business Workflow (WebFlow Services)",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "SAP_BASIS 700"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 701"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 702"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 731"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 740"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 750"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 751"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 752"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 753"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 754"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 755"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 756"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 757"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 758"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application.\n\n\n\n"
            }
          ],
          "value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T04:18:21.258Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://url.sap/sapsecuritypatchday"
        },
        {
          "url": "https://me.sap.com/notes/3458789"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "[CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2024-34689",
    "datePublished": "2024-07-09T04:18:21.258Z",
    "dateReserved": "2024-05-07T05:46:11.658Z",
    "dateUpdated": "2024-08-02T02:59:22.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}