VDB
CISA-2024-34683
CISA-2024-34683
PUBLISHED
CVSS 6.5 MEDIUM
Reported by sap · Published June 11, 2024
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP Document Builder | S4CORE 100, 101, S4FND 102 |
| SAP_SE | SAP Document Builder | 101, 103, 104 |
Timeline
- Jun 11, 2024 CVE Published
- Aug 2, 2024 CVE Updated