CVE-2024-34692

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application.
References
Link Resource
https://me.sap.com/notes/3476340 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
https://me.sap.com/notes/3476340 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:enable_now:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:19

Type Values Removed Values Added
References () https://me.sap.com/notes/3476340 - Permissions Required () https://me.sap.com/notes/3476340 - Permissions Required
References () https://url.sap/sapsecuritypatchday - Vendor Advisory () https://url.sap/sapsecuritypatchday - Vendor Advisory
CVSS v2 : unknown
v3 : 4.6
v2 : unknown
v3 : 3.3

09 Sep 2024, 15:33

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.3
v2 : unknown
v3 : 4.6
CPE cpe:2.3:a:sap:enable_now:*:*:*:*:*:*:*:*
First Time Sap
Sap enable Now
References () https://me.sap.com/notes/3476340 - () https://me.sap.com/notes/3476340 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory

09 Jul 2024, 18:19

Type Values Removed Values Added
Summary
  • (es) Debido a la falta de verificación del tipo o contenido del archivo, SAP Enable Now permite que un atacante autenticado cargue archivos arbitrarios. Estos archivos incluyen archivos ejecutables que el usuario puede descargar y ejecutar y que podrían alojar malware. Si un atacante la explota con éxito, puede causar un impacto limitado en la confidencialidad y la integridad de la aplicación.

09 Jul 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 05:15

Updated : 2024-11-21 09:19


NVD link : CVE-2024-34692

Mitre link : CVE-2024-34692

CVE.ORG link : CVE-2024-34692


JSON object : View

Products Affected

sap

  • enable_now
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type