{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-34683","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2024-05-07T05:46:11.656Z","datePublished":"2024-06-11T02:08:47.200Z","dateUpdated":"2024-08-02T02:59:22.208Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP Document Builder","vendor":"SAP_SE","versions":[{"status":"affected","version":"S4CORE 100"},{"status":"affected","version":"101"},{"status":"affected","version":"S4FND 102"},{"status":"affected","version":"103"},{"status":"affected","version":"104"},{"status":"affected","version":"105"},{"status":"affected","version":"106"},{"status":"affected","version":"107"},{"status":"affected","version":"108"},{"status":"affected","version":"SAP_BS_FND 702"},{"status":"affected","version":"731"},{"status":"affected","version":"746"},{"status":"affected","version":"747"},{"status":"affected","version":"748"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim’s browser.\n\n\n\n"}],"value":"An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim’s browser."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434: Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2024-06-11T02:08:47.200Z"},"references":[{"url":"https://me.sap.com/notes/3459379"},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}],"source":{"discovery":"UNKNOWN"},"title":"Unrestricted file upload in SAP Document Builder (HTTP service)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-11T13:35:39.111955Z","id":"CVE-2024-34683","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-11T13:35:47.339Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T02:59:22.208Z"},"title":"CVE Program Container","references":[{"url":"https://me.sap.com/notes/3459379","tags":["x_transferred"]},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html","tags":["x_transferred"]}]}]}}