CWE
434
Advisory Published
Updated

CVE-2024-34683: Unrestricted file upload in SAP Document Builder (HTTP service)

First published: Tue Jun 11 2024(Updated: )

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.

Credit: cna@sap.com

Affected SoftwareAffected VersionHow to fix
SAP Document Builder=101
SAP Document Builder=103
SAP Document Builder=104
SAP Document Builder=105
SAP Document Builder=106
SAP Document Builder=107
SAP Document Builder=108
SAP Document Builder=731
SAP Document Builder=746
SAP Document Builder=747
SAP Document Builder=748
SAP Document Builder=s4core_100
SAP Document Builder=s4fnd_102
SAP Document Builder=sap_bs_fnd_702

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203