THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-34683

Unrestricted file upload in SAP Document Builder (HTTP service)

Reserved:2024-05-07
Published:2024-06-11
Updated:2024-06-11

Description

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.



MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

S4CORE 100
affected

101
affected

S4FND 102
affected

103
affected

104
affected

105
affected

106
affected

107
affected

108
affected

SAP_BS_FND 702
affected

731
affected

746
affected

747
affected

748
affected

References

https://me.sap.com/notes/3459379

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

cve.org CVE-2024-34683

nvd.nist.gov CVE-2024-34683

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-34683