Unauthorized File Upload Vulnerability

CVE-2024-33006
9.6 CRITICAL

Key Information

Vendor
SAP
Status
SAP Netweaver Application Server Abap And Abap Platform
Vendor
CVE Published:
14 May 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

The SAP Security Patch Day May 2024 delivered 14 new Security Notes alongside updates to 3 previously released notes. A critical vulnerability, tracked as CVE-2024-33006, was addressed in the SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to a complete system takeover. The exploitation of this vulnerability is a severe risk and organizations using SAP systems are urged to upgrade promptly to mitigate the risk. Additionally, other vulnerabilities were addressed in the security updates, highlighting the importance of timely patching and security vigilance.

Affected Version(s)

SAP NetWeaver Application Server ABAP and ABAP Platform = SAP_BASIS 700

SAP NetWeaver Application Server ABAP and ABAP Platform = SAP_BASIS 701

SAP NetWeaver Application Server ABAP and ABAP Platform = SAP_BASIS 702

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾 Exploit exists.

  • First article discovered by malware.news

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database
Mitre Database
1 News Article(s)