CVE-2024-34683

Published Jun 11, 2024

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-434

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5350CBE5-1DC2-4385-BB54-CF00158A0E41"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AACFC047-8DF1-4A7A-8678-B06DA5FDB813"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFEBE181-4350-4629-947E-04ED3CE715F9"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1C51CE6-E2A3-4100-A45E-5BE6997BF5CD"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36E9BCB7-A284-4F3E-8894-A6BB02294959"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9766F9DB-CF4F-45E3-B040-3962DBACECF6"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7B2AFEF-DE52-4D22-A67F-E85F7CACA118"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C930294-CB73-4D42-A406-8579B60E43B8"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AA983A4-C5D1-4757-BE08-224F69380A7D"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AFD8074-7613-4E8A-B69E-691813EAC685"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "662FF019-5901-4B3A-B5F6-CDFC9065783B"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A2A67C2-2564-4F41-BE38-C33D2C7CF9E7"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References