HIGH · CVE-2024-54197 · CVSS 7.2

CVE-2024-54197: SSRF in SAP NetWeaver Administrator (System Overview)

Platform

sap

Component

sap-netweaver-administrator-system-overview

Fixed in

7.50.1

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2024-54197 describes a Server-Side Request Forgery (SSRF) vulnerability in the SAP NetWeaver Administrator (System Overview) component. The flaw allows an authenticated attacker to enumerate HTTP endpoints reachable from the server inside the internal network. Successful exploitation can compromise the confidentiality and integrity of data, but it does not affect application availability. The vulnerability affects versions 7.50–LM-CORE 7.50, and a fix is available in version 7.50.1.

Impact and Attack Scenarios

The SSRF vulnerability in SAP NetWeaver Administrator (System Overview) lets an attacker who is already authenticated craft HTTP requests that the server issues on their behalf. This reveals internal HTTP endpoints that are not reachable from outside. Although the availability impact is minimal, enumerating internal services can expose sensitive information and serve as a stepping stone for further attacks: depending on which endpoints are exposed and what they do, the attacker could reach internal resources, read sensitive configuration files, or trigger actions on other internal systems. The potential for data exfiltration and lateral movement should therefore be weighed carefully.

Exploitation Context

CVE-2024-54197 was publicly disclosed on December 10, 2024. Its CVSS score of 7.2 (HIGH) indicates a significant risk. While no public proof-of-concept (PoC) code has been widely reported, the SSRF nature of the vulnerability makes it likely that exploits will emerge. It is not currently listed on the CISA KEV catalog. Given the ease of SSRF exploitation, organizations should prioritize patching.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.12% (31st percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Base score: 7.2 (HIGH)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Changed (impact beyond the vulnerable component)
Confidentiality: Low (risk of sensitive data exposure)
Integrity: Low (risk of unauthorized data modification)
Availability: None (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Component: sap-netweaver-administrator-system-overview
Vendor: SAP_SE
Affected range: LM-CORE 7.50 – LM-CORE 7.50
Fixed in: 7.50.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-54197 is to upgrade SAP NetWeaver Administrator (System Overview) to version 7.50.1 or later. If an immediate upgrade is not feasible, consider temporary workarounds such as restricting outbound network access from the NetWeaver Administrator component with firewalls or network segmentation. Web Application Firewalls (WAFs) configured to detect and block SSRF attempts add a further layer of defense. Monitor SAP system logs for unusual HTTP requests originating from the NetWeaver Administrator component. After upgrading, verify the fix by attempting to enumerate internal HTTP endpoints with the same crafted requests that trigger the vulnerability; successful enumeration should no longer be possible.
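The two interim controls above (an egress allowlist for the component and log monitoring for unexpected outbound requests) can be expressed as one small check. The following is an added example written for this page, not code from SAP or from the advisory source: it parses a constructed key=value log format (SAP's real log layout differs, so `parse_log_line` must be adapted to the fields your system emits), classifies each outbound URL attributed to the System Overview component against a constructed host allowlist and the private, loopback and link-local address ranges, and reports the requests a defender would want to see. Hostnames are compared against the allowlist only; in a real deployment the name must also be resolved and the resulting address checked, since a public name can resolve to an internal address.

```python
"""Flag outbound HTTP requests from the NetWeaver Administrator (System Overview)
component that point at internal or non-allowlisted destinations.

Example code added for this page; the log format, field names and allowlist
below are constructed assumptions, not SAP's own.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample log lines (hypothetical "ts key=value ..." format).
SAMPLE_LOGS = [
    "2024-12-10T09:15:02Z component=nwa-system-overview user=admin "
    "outbound_url=http://sapcontrol.example.internal:50013/sap/bc/ping",
    "2024-12-10T09:15:07Z component=nwa-system-overview user=admin "
    "outbound_url=http://10.0.0.5:8080/admin",
    "2024-12-10T09:15:09Z component=nwa-system-overview user=admin "
    "outbound_url=http://127.0.0.1:50000/",
    "2024-12-10T09:15:11Z component=nwa-system-overview user=admin "
    "outbound_url=http://169.254.169.254/latest/meta-data/",
    "2024-12-10T09:15:13Z component=nwa-system-overview user=admin "
    "outbound_url=http://unknown-host.example.net/probe",
    "2024-12-10T09:15:15Z component=other-app user=jdoe "
    "outbound_url=http://10.0.0.5:8080/admin",
]

# Destinations the System Overview component legitimately needs (constructed).
ALLOWED_HOSTS = {"sapcontrol.example.internal", "monitoring.example.internal"}
# Component tag assumed to appear in the log line (hypothetical value).
NWA_COMPONENT = "nwa-system-overview"

_KV = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line):
    """Turn 'ts key=value key=value ...' into a dict; None if no fields found."""
    fields = dict(_KV.findall(line))
    if not fields:
        return None
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def classify_target(url, allowed_hosts=ALLOWED_HOSTS):
    """Return a reason string if the URL points somewhere the component should
    not be asked to reach, or None if it is an allowlisted destination."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return f"unexpected scheme {parts.scheme!r}"
    host = parts.hostname
    if host is None:
        return "unparseable URL"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: only allowlisted names are legitimate destinations.
        return None if host in allowed_hosts else f"host {host!r} not allowlisted"
    # Raw IP literal: classify by range, most specific first.
    if addr.is_loopback:
        return "loopback address"
    if addr.is_link_local:
        return "link-local address"
    if addr.is_private:
        return "private address"
    if addr.is_reserved or addr.is_multicast or addr.is_unspecified:
        return "reserved address"
    return "raw IP literal not allowlisted"


def scan_logs(lines, allowed_hosts=ALLOWED_HOSTS, component=NWA_COMPONENT):
    """Return (timestamp, user, url, reason) for each suspicious outbound
    request attributed to the NetWeaver Administrator component."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec.get("component") != component:
            continue
        url = rec.get("outbound_url")
        if url is None:
            continue
        reason = classify_target(url, allowed_hosts)
        if reason:
            findings.append((rec["timestamp"], rec.get("user"), url, reason))
    return findings


if __name__ == "__main__":
    for ts, user, url, reason in scan_logs(SAMPLE_LOGS):
        print(f"{ts} ALERT user={user} url={url} reason={reason}")
```

Run against the constructed sample, the scanner reports four of the six lines: the private, loopback and link-local targets and the non-allowlisted hostname; the allowlisted sapcontrol request and the request from a different component are left alone. The same `classify_target` check can be applied before the request is sent, which is the egress-restriction workaround, or after the fact over logs, which is the monitoring one.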

How to fix

Apply the security update provided by SAP. Consult SAP note 3542543 for more details and specific instructions on the update.


Frequently asked questions

What is CVE-2024-54197 — SSRF in SAP NetWeaver Administrator (System Overview)?

CVE-2024-54197 is a Server-Side Request Forgery vulnerability in SAP NetWeaver Administrator (System Overview) allowing authenticated attackers to enumerate internal HTTP endpoints.

Am I affected by CVE-2024-54197 in SAP NetWeaver Administrator (System Overview)?

Yes, if you are using SAP NetWeaver Administrator (System Overview) versions 7.50–LM-CORE 7.50, you are affected by this vulnerability.

How do I fix CVE-2024-54197 in SAP NetWeaver Administrator (System Overview)?

Upgrade to version 7.50.1 or later to resolve the vulnerability. If an immediate upgrade is not possible, consider temporary workarounds such as restricting outbound network access from the component.

Is CVE-2024-54197 being actively exploited?

While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability suggests a high likelihood of exploitation.

Where can I find the official SAP advisory for CVE-2024-54197?

Refer to the official SAP Security Notes for detailed information and remediation steps: [https://security.sap.com/](https://security.sap.com/)
