Severity
Medium
Analysis Summary
CVE-2024-39592 CVSS:7.7
SAP PDCE could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability and use the elevated privileges to read sensitive information.
CVE-2024-34692 CVSS:3.3
SAP Enable Now could allow a local authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.
Impact
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-39592
- CVE-2024-34692
Affected Vendors
Affected Products
- SAP Enable Now WPB_MANAGER_CE 10
- SAP Enable Now WPB_MANAGER_HANA 10
- SAP Enable Now ENABLE_NOW_CONSUMP_DEL 1704
- SAP PDCE S4CORE 102
- SAP PDCE S4CORE 103
- SAP PDCE S4COREOP 104
- SAP PDCE S4COREOP 105
- SAP PDCE S4COREOP 106
- SAP PDCE S4COREOP 107
- SAP PDCE S4COREOP 108
Remediation
Current SAP customers should refer to SAP for patch information, available from the SAP Website (login required).