THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-34683

Unrestricted file upload in SAP Document Builder (HTTP service)

Assignersap
Reserved2024-05-07
Published2024-06-11
Updated2024-06-11

Description

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.



MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

S4CORE 100
affected

101
affected

S4FND 102
affected

103
affected

104
affected

105
affected

106
affected

107
affected

108
affected

SAP_BS_FND 702
affected

731
affected

746
affected

747
affected

748
affected

References

https://me.sap.com/notes/3459379

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

cve.org CVE-2024-34683

nvd.nist.gov CVE-2024-34683

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-34683
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +