VDB

CISA-2024-34683

CISA-2024-34683 PUBLISHED CVSS 6.5 MEDIUM

Reported by sap · Published June 11, 2024

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Affected Products

VendorProductVersions
SAP_SESAP Document BuilderS4CORE 100, 101, S4FND 102
SAP_SESAP Document Builder101, 103, 104

Timeline

  • Jun 11, 2024 CVE Published
  • Aug 2, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›