6.5
CVE-2024-34683
- EPSS 0.19%
- Veröffentlicht 11.06.2024 03:15:10
- Zuletzt bearbeitet 21.11.2024 09:19:11
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Document Builder Version101
SAP ≫ Document Builder Version103
SAP ≫ Document Builder Version104
SAP ≫ Document Builder Version105
SAP ≫ Document Builder Version106
SAP ≫ Document Builder Version107
SAP ≫ Document Builder Version108
SAP ≫ Document Builder Version731
SAP ≫ Document Builder Version746
SAP ≫ Document Builder Version747
SAP ≫ Document Builder Version748
SAP ≫ Document Builder Versions4core_100
SAP ≫ Document Builder Versions4fnd_102
SAP ≫ Document Builder Versionsap_bs_fnd_702
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.408 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.3 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
|
| cna@sap.com | 6.5 | 2.3 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.