Platform
sap
Component
sap-netweaver-administrator-system-overview
Fixed in
7.50.1
CVE-2024-54197 describes a Server-Side Request Forgery (SSRF) vulnerability within the SAP NetWeaver Administrator(System Overview) component. This flaw allows an authenticated attacker to enumerate accessible HTTP endpoints within the internal network. Successful exploitation can compromise the integrity and confidentiality of data, though it does not impact application availability. The vulnerability affects versions 7.50–LM-CORE 7.50, with a fix available in version 7.50.1.
The SSRF vulnerability in SAP NetWeaver Administrator(System Overview) enables an attacker, once authenticated, to craft HTTP requests that the system will execute on their behalf. This allows the attacker to discover internal HTTP endpoints that are not directly accessible from the outside world. While the vulnerability’s impact on availability is minimal, the enumeration of internal services can expose sensitive information or provide a stepping stone for further attacks. An attacker could potentially leverage this to access internal resources, read sensitive configuration files, or even trigger actions on other internal systems, depending on the exposed endpoints and their functionality. The potential for data exfiltration and lateral movement should be carefully considered.
CVE-2024-54197 was publicly disclosed on December 10, 2024. Its CVSS score of 7.2 (HIGH) indicates a significant risk. While no public proof-of-concept (PoC) code has been widely reported, the SSRF nature of the vulnerability makes it likely that exploits will emerge. It is not currently listed on the CISA KEV catalog. Given the ease of SSRF exploitation, organizations should prioritize patching.
Exploit Status
EPSS
0.12% (31% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-54197 is to upgrade SAP NetWeaver Administrator(System Overview) to version 7.50.1 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting outbound network access for the NetWeaver Administrator component using firewalls or network segmentation. Web Application Firewalls (WAFs) configured to detect and block SSRF attempts can also provide a layer of defense. Monitor SAP system logs for unusual HTTP requests originating from the NetWeaver Administrator component. After upgrading, verify the fix by attempting to enumerate internal HTTP endpoints using the same crafted requests that trigger the vulnerability; successful enumeration should no longer be possible.
Apply the security update provided by SAP. Consult SAP note 3542543 for more details and specific instructions on the update.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-54197 is a Server-Side Request Forgery vulnerability in SAP NetWeaver Administrator(System Overview) allowing authenticated attackers to enumerate internal HTTP endpoints.
Yes, if you are using SAP NetWeaver Administrator(System Overview) versions 7.50–LM-CORE 7.50, you are affected by this vulnerability.
Upgrade to version 7.50.1 or later to resolve the vulnerability. Consider temporary workarounds like restricting outbound network access if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability suggests a high likelihood of exploitation.
Refer to the official SAP Security Notes for detailed information and remediation steps: [https://security.sap.com/](https://security.sap.com/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.