CVE-2024-34689

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.

Published: Jul 9, 2024
Updated: May 4, 2025
CVE: CVE-2024-34689
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
sap / business_workflow	-	-
sap / sap_basis	700	700.x
sap / sap_basis	701	701.x
sap / sap_basis	702	702.x
sap / sap_basis	731	731.x
sap / sap_basis	740	740.x
sap / sap_basis	750	750.x
sap / sap_basis	751	751.x
sap / sap_basis	752	752.x
sap / sap_basis	753	753.x
sap / sap_basis	754	754.x
sap / sap_basis	755	755.x
sap / sap_basis	756	756.x
sap / sap_basis	757	757.x
sap / sap_basis	758	758.x

https://me.sap.com/notes/3458789
https://url.sap/sapsecuritypatchday

Vulnerability Database

290,206

CVE-2024-34689