CVE-2024-34692

{"id": "CVE-2024-34692", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2024-07-09T05:15:11.183", "references": [{"url": "https://me.sap.com/notes/3476340", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3476340", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Due to missing verification of file type or\ncontent, SAP Enable Now allows an authenticated attacker to upload arbitrary\nfiles. These files include executables which might be downloaded and executed\nby the user which could host malware. On successful exploitation an attacker\ncan cause limited impact on confidentiality and Integrity of the application."}, {"lang": "es", "value": "Debido a la falta de verificaci\u00f3n del tipo o contenido del archivo, SAP Enable Now permite que un atacante autenticado cargue archivos arbitrarios. Estos archivos incluyen archivos ejecutables que el usuario puede descargar y ejecutar y que podr\u00edan alojar malware. Si un atacante la explota con \u00e9xito, puede causar un impacto limitado en la confidencialidad y la integridad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T09:19:12.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:enable_now:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1C2C770-82FA-45DE-9EEA-E377501B05A9"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}