CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score confidence: High

EPSS percentile: 14.7%

SAP CRM ABAP (Insights
Management) allows an authenticated attacker to enumerate HTTP endpoints in the
internal network by specially crafting HTTP requests. On successful
exploitation this can result in information disclosure. It has no impact on
integrity and availability of the application.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | crm_abap_insights_management | bbpcrm_700 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_700:*:*:*:*:*:*:* |
sap | crm_abap_insights_management | bbpcrm_701 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_701:*:*:*:*:*:*:* |
sap | crm_abap_insights_management | bbpcrm_702 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_702:*:*:*:*:*:*:* |
sap | crm_abap_insights_management | bbpcrm_712 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_712:*:*:*:*:*:*:* |
sap | crm_abap_insights_management | bbpcrm_713 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_713:*:*:*:*:*:*:* |
sap | crm_abap_insights_management | bbpcrm_714 | cpe:2.3:a:sap:crm_abap_insights_management:bbpcrm_714:*:*:*:*:*:*:* |

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM ABAP (Insights Management)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "BBPCRM 700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "702"
      },
      {
        "status": "affected",
        "version": "712"
      },
      {
        "status": "affected",
        "version": "713"
      },
      {
        "status": "affected",
        "version": "714"
      }
    ]
  }
]