CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39591 – Missing Authorization check in SAP Document Builder
https://notcve.org/view.php?id=CVE-2024-39591
13 Aug 2024 — SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. • https://me.sap.com/notes/3477423 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-34683 – Unrestricted file upload in SAP Document Builder (HTTP service)
https://notcve.org/view.php?id=CVE-2024-34683
11 Jun 2024 — An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser. Un atacante autenticado puede cargar un archivo malicioso en el servicio SAP Document Builder. Cuando la víctima accede a este archivo, el atacante puede acceder, modificar o hacer que la información relacionada no esté disponible en el navegador de la víctima. An authenticated ... • https://me.sap.com/notes/3459379 • CWE-434: Unrestricted Upload of File with Dangerous Type •