Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-34692
HistoryJul 09, 2024 - 5:15 a.m.

CVE-2024-34692

2024-07-0905:15:11
CWE-434
[email protected]
web.nvd.nist.gov
4
sap enable now
file type verification
arbitrary files
malware execution
confidentiality
integrity
cve

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS

0

Percentile

14.7%

JSON

Due to missing verification of file type or
content, SAP Enable Now allows an authenticated attacker to upload arbitrary
files. These files include executables which might be downloaded and executed
by the user which could host malware. On successful exploitation an attacker
can cause limited impact on confidentiality and Integrity of the application.

Affected configurations

Nvd
Node
sapenable_now
VendorProductVersionCPE
sapenable_now*cpe:2.3:a:sap:enable_now:*:*:*:*:*:*:*:*

Related

cve 1
cvelist 1
vulnrichment 1
cve
cve
CVE-2024-34692
2024-07-09 05:15:11
cvelist
cvelist
CVE-2024-34692 [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now
2024-07-09 04:43:05
vulnrichment
vulnrichment
CVE-2024-34692 [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now
2024-07-09 04:43:05

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS

0

Percentile

14.7%

JSON
Related for NVD:CVE-2024-34692
cve1cvelist1vulnrichment1