Unauthorized File Upload Vulnerability
CVE-2024-33006
Summary
The SAP Security Patch Day May 2024 delivered 14 new Security Notes alongside updates to 3 previously released notes. A critical vulnerability, tracked as CVE-2024-33006, was addressed in the SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to a complete system takeover. The exploitation of this vulnerability is a severe risk and organizations using SAP systems are urged to upgrade promptly to mitigate the risk. Additionally, other vulnerabilities were addressed in the security updates, highlighting the importance of timely patching and security vigilance.
Affected Version(s)
SAP NetWeaver Application Server ABAP and ABAP Platform SAP_BASIS 700
SAP NetWeaver Application Server ABAP and ABAP Platform SAP_BASIS 701
SAP NetWeaver Application Server ABAP and ABAP Platform SAP_BASIS 702
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
malware.newsCVE-2024-33006SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover - Malware News - Malware Analysis, News and Indicators
SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover On May 14, 2024, SAP delivered its monthly security updates, which included 14 new Security Notes alongside updates to …
8 months ago
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by malware.news
Vulnerability published
Vulnerability Reserved