// For flags

CVE-2024-34683

Unrestricted file upload in SAP Document Builder (HTTP service)

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

An authenticated attacker can upload malicious
file to SAP Document Builder service. When the victim accesses this file, the
attacker is allowed to access, modify, or make the related information
unavailable in the victim’s browser.

Un atacante autenticado puede cargar un archivo malicioso en el servicio SAP Document Builder. Cuando la víctima accede a este archivo, el atacante puede acceder, modificar o hacer que la información relacionada no esté disponible en el navegador de la víctima.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-07 CVE Reserved
  • 2024-06-11 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
101
Search vendor "SAP SE" for product "SAP Document Builder" and version "101"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
103
Search vendor "SAP SE" for product "SAP Document Builder" and version "103"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
104
Search vendor "SAP SE" for product "SAP Document Builder" and version "104"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
105
Search vendor "SAP SE" for product "SAP Document Builder" and version "105"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
106
Search vendor "SAP SE" for product "SAP Document Builder" and version "106"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
107
Search vendor "SAP SE" for product "SAP Document Builder" and version "107"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
108
Search vendor "SAP SE" for product "SAP Document Builder" and version "108"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
731
Search vendor "SAP SE" for product "SAP Document Builder" and version "731"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
746
Search vendor "SAP SE" for product "SAP Document Builder" and version "746"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
747
Search vendor "SAP SE" for product "SAP Document Builder" and version "747"
en
Affected
SAP SE
Search vendor "SAP SE"
SAP Document Builder
Search vendor "SAP SE" for product "SAP Document Builder"
748
Search vendor "SAP SE" for product "SAP Document Builder" and version "748"
en
Affected