CVE-2024-34692
low-risk
Published 2024-07-09
Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application.
Do I need to act?
-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ HIGH complexity
Affected Products (1)
Enable Now
Affected Vendors
References (4)
Permissions Required
https://me.sap.com/notes/3476340
Vendor Advisory
https://url.sap/sapsecuritypatchday
Permissions Required
https://me.sap.com/notes/3476340
Vendor Advisory
https://url.sap/sapsecuritypatchday
15
/ 100
low-risk
Severity
9/34 · Low
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal