An authenticated attacker can upload malicious
file to SAP Document Builder service. When the victim accesses this file, the
attacker is allowed to access, modify, or make the related information
unavailable in the victim’s browser.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3459379 | Permissions Required |
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch Vendor Advisory |
https://me.sap.com/notes/3459379 | Permissions Required |
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://me.sap.com/notes/3459379 - Permissions Required | |
References | () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory |
09 Aug 2024, 20:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap
Sap document Builder |
|
References | () https://me.sap.com/notes/3459379 - Permissions Required | |
References | () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:* cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:* |
11 Jun 2024, 13:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-11 03:15
Updated : 2024-11-21 09:19
NVD link : CVE-2024-34683
Mitre link : CVE-2024-34683
CVE.ORG link : CVE-2024-34683
JSON object : View
Products Affected
sap
- document_builder
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type