THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-33006

File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Reserved:2024-04-23
Published:2024-05-14
Updated:2024-05-14

Description

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system.



CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

SAP_BASIS 700
affected

SAP_BASIS 701
affected

SAP_BASIS 702
affected

SAP_BASIS 731
affected

SAP_BASIS 740
affected

SAP_BASIS 750
affected

SAP_BASIS 751
affected

SAP_BASIS 752
affected

SAP_BASIS 753
affected

SAP_BASIS 754
affected

SAP_BASIS 755
affected

SAP_BASIS 756
affected

SAP_BASIS 757
affected

SAP_BASIS 758
affected

References

https://me.sap.com/notes/3448171

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

cve.org CVE-2024-33006

nvd.nist.gov CVE-2024-33006

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-33006