VDB

GCVE-110-NCSC-2024-333

GCVE-110-NCSC-2024-333
Advisory PublishedCVSS 4.3/10
Vulnetix · Advisory published August 13, 2024
SAP heeft kwetsbaarheden verholpen in diverse producten als SAP Business Objects, SAP HANA, Netweaver en Document Builder.

Weaknesses (CWE)

CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-416Use After FreeCWE-704Incorrect Type Conversion or CastCWE-434Unrestricted Upload of File with Dangerous TypeCWE-918Server-Side Request Forgery (SSRF)CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-862Missing AuthorizationCWE-284Improper Access ControlCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-91XML Injection (aka Blind XPath Injection)

Risk Scores

CVSS 3.0
4.3/10
Medium · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersionsPlatforms
sap_sesap_shared_service_framework
sap_sesap_bex_web_java_runtime_export_web_service
sap_sesap_businessobjects_business_intelligence_platform
sap_sesap_commerce_cloud
sap_sesap_crm_abap__insights_management_
sap_sesap_netweaver_application_server_abap_and_abap_platform
sapstudent_life_cycle_management
sapbusinessobjects_business_intelligence_platform
sap_sesap_document_builder
sap_sesap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server
sap_sesap_student_life_cycle_management__slcm_
sap_sesap_commerce_backoffice
sap_sesap_netweaver_application_server_abap
sap_sesap_permit_to_work
sapsap
sap_sesap_commerce
sapdocument_builder

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›