CVE-2024-34692

Summary

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Enable NowWPB_MANAGER_CE 10affected
SAP_SESAP Enable NowWPB_MANAGER_HANA 10affected
SAP_SESAP Enable NowENABLE_NOW_CONSUMP_DEL 1704affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References