Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP Business Workflow (WebFlow Services) by SAP_SE

    CVE-2024-34689 (GCVE-0-2024-34689)

    Vulnerability from nvd – Published: 2024-07-09 04:18 – Updated: 2024-08-02 02:59
    VLAI
    Title
    [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
    Summary
    WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Workflow (WebFlow Services) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Create a notification for this product.
    sap_se sap_business_workflow_\(webflow_services\) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
        cpe:2.3:a:sap_se:sap_business_workflow_\(webflow_services\):*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_business_workflow_\\(webflow_services\\):*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "sap_business_workflow_\\(webflow_services\\)",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 700"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 701"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 702"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 731"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 740"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 750"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 751"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 752"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 753"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 754"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 755"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 756"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 757"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 758"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-25T14:21:05.637426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T14:38:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:22.630Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3458789"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Workflow (WebFlow Services)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application.\n\n\n\n"
                }
              ],
              "value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:18:21.258Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3458789"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-34689",
        "datePublished": "2024-07-09T04:18:21.258Z",
        "dateReserved": "2024-05-07T05:46:11.658Z",
        "dateUpdated": "2024-08-02T02:59:22.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34689 (GCVE-0-2024-34689)

    Vulnerability from cvelistv5 – Published: 2024-07-09 04:18 – Updated: 2024-08-02 02:59
    VLAI
    Title
    [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
    Summary
    WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Workflow (WebFlow Services) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Create a notification for this product.
    sap_se sap_business_workflow_\(webflow_services\) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
        cpe:2.3:a:sap_se:sap_business_workflow_\(webflow_services\):*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_business_workflow_\\(webflow_services\\):*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "sap_business_workflow_\\(webflow_services\\)",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 700"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 701"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 702"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 731"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 740"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 750"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 751"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 752"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 753"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 754"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 755"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 756"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 757"
                  },
                  {
                    "status": "affected",
                    "version": "SAP_BASIS 758"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-25T14:21:05.637426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T14:38:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:22.630Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3458789"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Workflow (WebFlow Services)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application.\n\n\n\n"
                }
              ],
              "value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:18:21.258Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3458789"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-34689",
        "datePublished": "2024-07-09T04:18:21.258Z",
        "dateReserved": "2024-05-07T05:46:11.658Z",
        "dateUpdated": "2024-08-02T02:59:22.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }