Описание
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:business_workflow:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00278
Низкий
5 Medium
CVSS3
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 5
github
больше 1 года назад
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
EPSS
Процентиль: 51%
0.00278
Низкий
5 Medium
CVSS3
Дефекты
CWE-918
CWE-918