CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*

History

21 Nov 2024, 09:19

Type Values Removed Values Added
References () https://me.sap.com/notes/3459379 - Permissions Required () https://me.sap.com/notes/3459379 - Permissions Required
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory

09 Aug 2024, 20:04

Type Values Removed Values Added
First Time Sap
Sap document Builder
References () https://me.sap.com/notes/3459379 - () https://me.sap.com/notes/3459379 - Permissions Required
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory
CPE cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*

11 Jun 2024, 13:54

Type Values Removed Values Added
Summary
  • (es) Un atacante autenticado puede cargar un archivo malicioso en el servicio SAP Document Builder. Cuando la víctima accede a este archivo, el atacante puede acceder, modificar o hacer que la información relacionada no esté disponible en el navegador de la víctima.

11 Jun 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-11 03:15

Updated : 2024-11-21 09:19


NVD link : CVE-2024-34683

Mitre link : CVE-2024-34683

CVE.ORG link : CVE-2024-34683


JSON object : View

Products Affected

sap

  • document_builder
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type