{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34683", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-05-07T05:46:11.656Z", "datePublished": "2024-06-11T02:08:47.200Z", "dateUpdated": "2024-08-02T02:59:22.208Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Document Builder", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4CORE 100"}, {"status": "affected", "version": "101"}, {"status": "affected", "version": "S4FND 102"}, {"status": "affected", "version": "103"}, {"status": "affected", "version": "104"}, {"status": "affected", "version": "105"}, {"status": "affected", "version": "106"}, {"status": "affected", "version": "107"}, {"status": "affected", "version": "108"}, {"status": "affected", "version": "SAP_BS_FND 702"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "746"}, {"status": "affected", "version": "747"}, {"status": "affected", "version": "748"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser.\n\n\n\n"}], "value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-06-11T02:08:47.200Z"}, "references": [{"url": "https://me.sap.com/notes/3459379"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Unrestricted file upload in SAP Document Builder (HTTP service)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T13:35:39.111955Z", "id": "CVE-2024-34683", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T13:35:47.339Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.208Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3459379", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3459379", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.208Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34683", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T13:35:39.111955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T13:35:43.941Z"}}], "cna": {"title": "Unrestricted file upload in SAP Document Builder (HTTP service)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Document Builder", "versions": [{"status": "affected", "version": "S4CORE 100"}, {"status": "affected", "version": "101"}, {"status": "affected", "version": "S4FND 102"}, {"status": "affected", "version": "103"}, {"status": "affected", "version": "104"}, {"status": "affected", "version": "105"}, {"status": "affected", "version": "106"}, {"status": "affected", "version": "107"}, {"status": "affected", "version": "108"}, {"status": "affected", "version": "SAP_BS_FND 702"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "746"}, {"status": "affected", "version": "747"}, {"status": "affected", "version": "748"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3459379"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser.", "supportingMedia": [{"type": "text/html", "value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser.\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-06-11T02:08:47.200Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34683", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:59:22.208Z", "dateReserved": "2024-05-07T05:46:11.656Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-06-11T02:08:47.200Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:*", "matchCriteriaId": "5350CBE5-1DC2-4385-BB54-CF00158A0E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:*", "matchCriteriaId": "AACFC047-8DF1-4A7A-8678-B06DA5FDB813", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:*", "matchCriteriaId": "DFEBE181-4350-4629-947E-04ED3CE715F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:*", "matchCriteriaId": "D1C51CE6-E2A3-4100-A45E-5BE6997BF5CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:*", "matchCriteriaId": "36E9BCB7-A284-4F3E-8894-A6BB02294959", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:*", "matchCriteriaId": "9766F9DB-CF4F-45E3-B040-3962DBACECF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:*", "matchCriteriaId": "F7B2AFEF-DE52-4D22-A67F-E85F7CACA118", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:*", "matchCriteriaId": "5C930294-CB73-4D42-A406-8579B60E43B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:*", "matchCriteriaId": "5AA983A4-C5D1-4757-BE08-224F69380A7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:*", "matchCriteriaId": "1AFD8074-7613-4E8A-B69E-691813EAC685", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:*", "matchCriteriaId": "662FF019-5901-4B3A-B5F6-CDFC9065783B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:*", "matchCriteriaId": "1A2A67C2-2564-4F41-BE38-C33D2C7CF9E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*", "matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*", "matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser."}, {"lang": "es", "value": "Un atacante autenticado puede cargar un archivo malicioso en el servicio SAP Document Builder. Cuando la v\u00edctima accede a este archivo, el atacante puede acceder, modificar o hacer que la informaci\u00f3n relacionada no est\u00e9 disponible en el navegador de la v\u00edctima."}], "id": "CVE-2024-34683", "lastModified": "2024-11-21T09:19:11.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-11T03:15:10.623", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3459379"}, {"source": "cna@sap.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3459379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}