Vulnerability Details CVE-2024-39598
SAP CRM (WebClient UI Framework) allows an
authenticated attacker to enumerate accessible HTTP endpoints in the internal
network by specially crafting HTTP requests. On successful exploitation this
can result in information disclosure. It has no impact on integrity and
availability of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.8%
CVSS Severity
CVSS v3 Score 5.0
References
Products affected by CVE-2024-39598
-
cpe:2.3:a:sap:customer_relationship_management_s4fnd:102
-
cpe:2.3:a:sap:customer_relationship_management_s4fnd:103
-
cpe:2.3:a:sap:customer_relationship_management_s4fnd:104
-
cpe:2.3:a:sap:customer_relationship_management_s4fnd:105
-
cpe:2.3:a:sap:customer_relationship_management_s4fnd:106
-
cpe:2.3:a:sap:customer_relationship_management_s4fnd:107
-
cpe:2.3:a:sap:customer_relationship_management_s4fnd:108
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801