cve-2024-34683
Vulnerability from cvelistv5
Published
2024-06-11 02:08
Modified
2024-08-02 02:59
Severity ?
EPSS score ?
Summary
Unrestricted file upload in SAP Document Builder (HTTP service)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://me.sap.com/notes/3459379 | Permissions Required | |
| cna@sap.com | https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://me.sap.com/notes/3459379 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP_SE | SAP Document Builder |
Version: S4CORE 100 Version: 101 Version: S4FND 102 Version: 103 Version: 104 Version: 105 Version: 106 Version: 107 Version: 108 Version: SAP_BS_FND 702 Version: 731 Version: 746 Version: 747 Version: 748 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:35:39.111955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:35:47.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3459379"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Document Builder",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 100"
},
{
"status": "affected",
"version": "101"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "SAP_BS_FND 702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "746"
},
{
"status": "affected",
"version": "747"
},
{
"status": "affected",
"version": "748"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser.\n\n\n\n"
}
],
"value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:08:47.200Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3459379"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unrestricted file upload in SAP Document Builder (HTTP service)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-34683",
"datePublished": "2024-06-11T02:08:47.200Z",
"dateReserved": "2024-05-07T05:46:11.656Z",
"dateUpdated": "2024-08-02T02:59:22.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-34683\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2024-06-11T03:15:10.623\",\"lastModified\":\"2024-11-21T09:19:11.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated attacker can upload malicious\\nfile to SAP Document Builder service. When the victim accesses this file, the\\nattacker is allowed to access, modify, or make the related information\\nunavailable in the victim\u2019s browser.\"},{\"lang\":\"es\",\"value\":\"Un atacante autenticado puede cargar un archivo malicioso en el servicio SAP Document Builder. Cuando la v\u00edctima accede a este archivo, el atacante puede acceder, modificar o hacer que la informaci\u00f3n relacionada no est\u00e9 disponible en el navegador de la v\u00edctima.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":3.7}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5350CBE5-1DC2-4385-BB54-CF00158A0E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AACFC047-8DF1-4A7A-8678-B06DA5FDB813\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFEBE181-4350-4629-947E-04ED3CE715F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1C51CE6-E2A3-4100-A45E-5BE6997BF5CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36E9BCB7-A284-4F3E-8894-A6BB02294959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9766F9DB-CF4F-45E3-B040-3962DBACECF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B2AFEF-DE52-4D22-A67F-E85F7CACA118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C930294-CB73-4D42-A406-8579B60E43B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA983A4-C5D1-4757-BE08-224F69380A7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFD8074-7613-4E8A-B69E-691813EAC685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"662FF019-5901-4B3A-B5F6-CDFC9065783B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2A67C2-2564-4F41-BE38-C33D2C7CF9E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3273C74F-E5FE-47A2-B7F8-E76095A64359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A14342E-3477-457C-AF13-54AFFA9DE1C0\"}]}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3459379\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://me.sap.com/notes/3459379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.