mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
173 lines
5.8 KiB
JSON
173 lines
5.8 KiB
JSON
{
|
|
"id": "CVE-2024-34683",
|
|
"sourceIdentifier": "cna@sap.com",
|
|
"published": "2024-06-11T03:15:10.623",
|
|
"lastModified": "2024-08-09T20:04:44.060",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Un atacante autenticado puede cargar un archivo malicioso en el servicio SAP Document Builder. Cuando la v\u00edctima accede a este archivo, el atacante puede acceder, modificar o hacer que la informaci\u00f3n relacionada no est\u00e9 disponible en el navegador de la v\u00edctima."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.3,
|
|
"impactScore": 3.7
|
|
},
|
|
{
|
|
"source": "cna@sap.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.3,
|
|
"impactScore": 3.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "cna@sap.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-434"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5350CBE5-1DC2-4385-BB54-CF00158A0E41"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AACFC047-8DF1-4A7A-8678-B06DA5FDB813"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DFEBE181-4350-4629-947E-04ED3CE715F9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D1C51CE6-E2A3-4100-A45E-5BE6997BF5CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36E9BCB7-A284-4F3E-8894-A6BB02294959"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9766F9DB-CF4F-45E3-B040-3962DBACECF6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F7B2AFEF-DE52-4D22-A67F-E85F7CACA118"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5C930294-CB73-4D42-A406-8579B60E43B8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5AA983A4-C5D1-4757-BE08-224F69380A7D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1AFD8074-7613-4E8A-B69E-691813EAC685"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "662FF019-5901-4B3A-B5F6-CDFC9065783B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1A2A67C2-2564-4F41-BE38-C33D2C7CF9E7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://me.sap.com/notes/3459379",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Permissions Required"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |