Due to missing verification of file type or
content, SAP Enable Now allows an authenticated attacker to upload arbitrary
files. These files include executables which might be downloaded and executed
by the user which could host malware. On successful exploitation an attacker
can cause limited impact on confidentiality and Integrity of the application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3476340 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
History
09 Sep 2024, 15:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://me.sap.com/notes/3476340 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
CPE | cpe:2.3:a:sap:enable_now:*:*:*:*:*:*:*:* | |
First Time |
Sap
Sap enable Now |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
09 Jul 2024, 18:19
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Jul 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-09 05:15
Updated : 2024-09-09 15:33
NVD link : CVE-2024-34692
Mitre link : CVE-2024-34692
CVE.ORG link : CVE-2024-34692
JSON object : View
Products Affected
sap
- enable_now
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type