CVE-2024-34692
Last modified
CVE-2024-34692 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Enable Now | All versions |
References
- https://me.sap.com/notes/3476340Permissions Required
- https://url.sap/sapsecuritypatchdayVendor Advisory
- https://me.sap.com/notes/3476340Permissions Required
- https://url.sap/sapsecuritypatchdayVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-34692?
How severe is CVE-2024-34692?
How do I fix CVE-2024-34692?
Are you affected by CVE-2024-34692?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST