SAP NetWeaver Administrator (System Overview) 中的服务器端请求伪造漏洞

攻击者利用此SSRF漏洞，可以枚举SAP NetWeaver Administrator(System Overview)内部网络中的HTTP端点。虽然漏洞对可用性没有影响，但攻击者可能利用这些端点访问敏感信息，例如内部服务配置或数据库凭据。攻击者还可以利用SSRF漏洞发起进一步的攻击，例如扫描内部网络或尝试访问其他内部系统。虽然影响程度被认为是较低的，但潜在的数据泄露风险仍然值得关注，尤其是在内部网络中存在其他敏感资源的情况下。

Organizations heavily reliant on SAP NetWeaver for critical business processes are at significant risk. Specifically, environments with limited network segmentation or overly permissive firewall rules are more vulnerable. Those using older, unsupported versions of SAP NetWeaver Administrator(System Overview) are also at increased risk due to the lack of security updates.

• linux / server:

journalctl -u sapstartsrv -g "HTTP request"

• sap: Review SAP system logs for unusual HTTP requests originating from the NetWeaver Administrator component, specifically looking for requests to internal IP addresses or unusual hostnames. • generic web: Use curl to probe for internal endpoints. For example, curl -v http://<NetWeaverAdminIP>/<potentialinternalendpoint> and analyze the response headers and body for signs of internal resource exposure.

1. 2024-12-10Disclosure

   disclosure

1. 已保留2024-12-02
2. 发布日期2024-12-10
3. EPSS 更新日期2026-04-02

为了缓解CVE-2024-54197的影响，建议立即升级到SAP NetWeaver Administrator(System Overview) 7.50.1版本或更高版本。如果无法立即升级，可以考虑实施网络隔离措施，限制对SAP NetWeaver Administrator(System Overview)的访问。此外，可以配置Web应用防火墙(WAF)或代理服务器，以检测和阻止恶意HTTP请求。监控SAP NetWeaver Administrator(System Overview)的日志，查找可疑活动，例如异常的HTTP请求或未授权的访问尝试。