Plattform
sap
Komponente
sap-netweaver-administrator-system-overview
Behoben in
7.50.1
CVE-2024-54197 describes a Server-Side Request Forgery (SSRF) vulnerability within the SAP NetWeaver Administrator(System Overview) component. This flaw allows an authenticated attacker to enumerate accessible HTTP endpoints within the internal network. Successful exploitation can compromise the integrity and confidentiality of data, though it does not impact application availability. The vulnerability affects versions 7.50–LM-CORE 7.50, with a fix available in version 7.50.1.
The SSRF vulnerability in SAP NetWeaver Administrator(System Overview) enables an attacker, once authenticated, to craft HTTP requests that the system will execute on their behalf. This allows the attacker to discover internal HTTP endpoints that are not directly accessible from the outside world. While the vulnerability’s impact on availability is minimal, the enumeration of internal services can expose sensitive information or provide a stepping stone for further attacks. An attacker could potentially leverage this to access internal resources, read sensitive configuration files, or even trigger actions on other internal systems, depending on the exposed endpoints and their functionality. The potential for data exfiltration and lateral movement should be carefully considered.
CVE-2024-54197 was publicly disclosed on December 10, 2024. Its CVSS score of 7.2 (HIGH) indicates a significant risk. While no public proof-of-concept (PoC) code has been widely reported, the SSRF nature of the vulnerability makes it likely that exploits will emerge. It is not currently listed on the CISA KEV catalog. Given the ease of SSRF exploitation, organizations should prioritize patching.
Organizations heavily reliant on SAP NetWeaver for critical business processes are at significant risk. Specifically, environments with limited network segmentation or overly permissive firewall rules are more vulnerable. Those using older, unsupported versions of SAP NetWeaver Administrator(System Overview) are also at increased risk due to the lack of security updates.
• linux / server:
journalctl -u sapstartsrv -g "HTTP request"• sap:
Review SAP system logs for unusual HTTP requests originating from the NetWeaver Administrator component, specifically looking for requests to internal IP addresses or unusual hostnames.
• generic web:
Use curl to probe for internal endpoints. For example, curl -v http://<NetWeaverAdminIP>/<potentialinternalendpoint> and analyze the response headers and body for signs of internal resource exposure.
disclosure
Exploit-Status
EPSS
0.12% (31% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-54197 is to upgrade SAP NetWeaver Administrator(System Overview) to version 7.50.1 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting outbound network access for the NetWeaver Administrator component using firewalls or network segmentation. Web Application Firewalls (WAFs) configured to detect and block SSRF attempts can also provide a layer of defense. Monitor SAP system logs for unusual HTTP requests originating from the NetWeaver Administrator component. After upgrading, verify the fix by attempting to enumerate internal HTTP endpoints using the same crafted requests that trigger the vulnerability; successful enumeration should no longer be possible.
Wenden Sie das von SAP bereitgestellte Sicherheitsupdate an. Weitere Details und spezifische Anweisungen zum Update finden Sie in der SAP-Notiz 3542543.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-54197 is a Server-Side Request Forgery vulnerability in SAP NetWeaver Administrator(System Overview) allowing authenticated attackers to enumerate internal HTTP endpoints.
Yes, if you are using SAP NetWeaver Administrator(System Overview) versions 7.50–LM-CORE 7.50, you are affected by this vulnerability.
Upgrade to version 7.50.1 or later to resolve the vulnerability. Consider temporary workarounds like restricting outbound network access if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability suggests a high likelihood of exploitation.
Refer to the official SAP Security Notes for detailed information and remediation steps: [https://security.sap.com/](https://security.sap.com/)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.