Due to missing verification of file type or
content, SAP Enable Now allows an authenticated attacker to upload arbitrary
files. These files include executables which might be downloaded and executed
by the user which could host malware. On successful exploitation an attacker
can cause limited impact on confidentiality and Integrity of the application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3476340 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
https://me.sap.com/notes/3476340 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
History
21 Nov 2024, 09:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://me.sap.com/notes/3476340 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.3 |
09 Sep 2024, 15:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
CPE | cpe:2.3:a:sap:enable_now:*:*:*:*:*:*:*:* | |
First Time |
Sap
Sap enable Now |
|
References | () https://me.sap.com/notes/3476340 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory |
09 Jul 2024, 18:19
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Jul 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-09 05:15
Updated : 2024-11-21 09:19
NVD link : CVE-2024-34692
Mitre link : CVE-2024-34692
CVE.ORG link : CVE-2024-34692
JSON object : View
Products Affected
sap
- enable_now
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type