SapVULNRICHMENT:CVE-2024-34692CVE-2024-34692 [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
14.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Due to missing verification of file type or
content, SAP Enable Now allows an authenticated attacker to upload arbitrary
files. These files include executables which might be downloaded and executed
by the user which could host malware. On successful exploitation an attacker
can cause limited impact on confidentiality and Integrity of the application.
CNA Affected
[
{
"vendor": "SAP_SE",
"product": "SAP Enable Now",
"versions": [
{
"status": "affected",
"version": "WPB_MANAGER_CE 10"
},
{
"status": "affected",
"version": "WPB_MANAGER_HANA 10"
},
{
"status": "affected",
"version": "ENABLE_NOW_CONSUMP_DEL 1704"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
14.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial