CVE-2024-34692 — LOW (3.3) — White Hats Nepal

Vulnerability Description

Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Enable Now	All versions

Related Weaknesses (CWE)

CWE-434

References

https://me.sap.com/notes/3476340Permissions Required
https://url.sap/sapsecuritypatchdayVendor Advisory
https://me.sap.com/notes/3476340Permissions Required
https://url.sap/sapsecuritypatchdayVendor Advisory

FAQ

What is CVE-2024-34692?

CVE-2024-34692 is a vulnerability with a CVSS score of 3.3 (LOW). Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed b...

How severe is CVE-2024-34692?

CVE-2024-34692 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-34692?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Enable Now.