CVE-2024-34692
3.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Enable Now | WPB_MANAGER_CE 10 | affected |
| SAP_SE | SAP Enable Now | WPB_MANAGER_HANA 10 | affected |
| SAP_SE | SAP Enable Now | ENABLE_NOW_CONSUMP_DEL 1704 | affected |
Weaknesses
- CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.