CVE-2024-33006 | THREATINT

Description

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system.

Reserved 2024-04-23 | Published 2024-05-14 | Updated 2024-08-02 | Assigner sap

CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

Default status

unaffected

SAP_BASIS 700

affected

SAP_BASIS 701

affected

SAP_BASIS 702

affected

SAP_BASIS 731

affected

SAP_BASIS 740

affected

SAP_BASIS 750

affected

SAP_BASIS 751

affected

SAP_BASIS 752

affected

SAP_BASIS 753

affected

SAP_BASIS 754

affected

SAP_BASIS 755

affected

SAP_BASIS 756

affected

SAP_BASIS 757

affected

SAP_BASIS 758

affected

References

me.sap.com/notes/3448171

support.sap.com/...t/knowledge-base/security-notes-news.html

cve.org (CVE-2024-33006)

nvd.nist.gov (CVE-2024-33006)

Download JSON