← Back

CVE-2024-34683

nvd nist
Published: Jun 11, 2024Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Exploitability: 2.3 / Impact: 3.7
Source: NVD

Description

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.

Affected (14)

Sap
1 product
Document Builder
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Document Builder
Version 101
Document Builder
Version 103
Document Builder
Version 104
Document Builder
Version 105
Document Builder
Version 106
Document Builder
Version 107
Document Builder
Version 108
Document Builder
Version 731
Document Builder
Version 746
Document Builder
Version 747
Document Builder
Version 748
Document Builder
Version s4core_100
Document Builder
Version s4fnd_102
Document Builder
Version sap_bs_fnd_702

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.