Assigner | sap |
Reserved | 2024-05-07 |
Published | 2024-06-11 |
Updated | 2024-06-11 |
Description
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
Problem types
CWE-434: Unrestricted Upload of File with Dangerous Type
Product status
S4CORE 100
101
S4FND 102
103
104
105
106
107
108
SAP_BS_FND 702
731
746
747
748
References
https://me.sap.com/notes/3459379
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html