Unauthorized File Upload Vulnerability
CVE-2024-33006
Key Information
- Vendor
- SAP
- Status
- SAP Netweaver Application Server Abap And Abap Platform
- Vendor
- CVE Published:
- 14 May 2024
Badges
Summary
The SAP Security Patch Day May 2024 delivered 14 new Security Notes alongside updates to 3 previously released notes. A critical vulnerability, tracked as CVE-2024-33006, was addressed in the SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to a complete system takeover. The exploitation of this vulnerability is a severe risk and organizations using SAP systems are urged to upgrade promptly to mitigate the risk. Additionally, other vulnerabilities were addressed in the security updates, highlighting the importance of timely patching and security vigilance.
Affected Version(s)
SAP NetWeaver Application Server ABAP and ABAP Platform = SAP_BASIS 700
SAP NetWeaver Application Server ABAP and ABAP Platform = SAP_BASIS 701
SAP NetWeaver Application Server ABAP and ABAP Platform = SAP_BASIS 702
News Articles
malware.newsCVE-2024-33006SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover - Malware News - Malware Analysis, News and Indicators
SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover On May 14, 2024, SAP delivered its monthly security updates, which included 14 new Security Notes alongside updates to …
7 months ago
Refferences
CVSS V3.1
Timeline
- 👾
Exploit known to exist
First article discovered by malware.news
Vulnerability published
Vulnerability Reserved