Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.

Published

2024-06-11T03:15:10.623

Last Modified

2024-11-21T09:19:11.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	document_builder	101	Yes
Application	sap	document_builder	103	Yes
Application	sap	document_builder	104	Yes
Application	sap	document_builder	105	Yes
Application	sap	document_builder	106	Yes
Application	sap	document_builder	107	Yes
Application	sap	document_builder	108	Yes
Application	sap	document_builder	731	Yes
Application	sap	document_builder	746	Yes
Application	sap	document_builder	747	Yes
Application	sap	document_builder	748	Yes
Application	sap	document_builder	s4core_100	Yes
Application	sap	document_builder	s4fnd_102	Yes
Application	sap	document_builder	sap_bs_fnd_702	Yes

References

https://me.sap.com/notes/3459379 Permissions Required ([email protected])
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html Patch, Vendor Advisory ([email protected])
https://me.sap.com/notes/3459379 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)