VDB
GCVE-110-NCSC-2024-333
GCVE-110-NCSC-2024-333
Advisory PublishedCVSS 4.3/10
SAP heeft kwetsbaarheden verholpen in diverse producten als SAP Business Objects, SAP HANA, Netweaver en Document Builder.
Weaknesses (CWE)
CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-416Use After FreeCWE-704Incorrect Type Conversion or CastCWE-434Unrestricted Upload of File with Dangerous TypeCWE-918Server-Side Request Forgery (SSRF)CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-862Missing AuthorizationCWE-284Improper Access ControlCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-91XML Injection (aka Blind XPath Injection)
Risk Scores
CVSS 3.0
4.3/10
Medium · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| sap_se | sap_shared_service_framework | — | — |
| sap_se | sap_bex_web_java_runtime_export_web_service | — | — |
| sap_se | sap_businessobjects_business_intelligence_platform | — | — |
| sap_se | sap_commerce_cloud | — | — |
| sap_se | sap_crm_abap__insights_management_ | — | — |
| sap_se | sap_netweaver_application_server_abap_and_abap_platform | — | — |
| sap | student_life_cycle_management | — | — |
| sap | businessobjects_business_intelligence_platform | — | — |
| sap_se | sap_document_builder | — | — |
| sap_se | sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server | — | — |
| sap_se | sap_student_life_cycle_management__slcm_ | — | — |
| sap_se | sap_commerce_backoffice | — | — |
| sap_se | sap_netweaver_application_server_abap | — | — |
| sap_se | sap_permit_to_work | — | — |
| sap | sap | — | — |
| sap_se | sap_commerce | — | — |
| sap | document_builder | — | — |
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.