CVE-2024-34683

6.5 MEDIUM

📋 TL;DR

An authenticated attacker can upload malicious files to the SAP Document Builder service. When a victim accesses such a file, the attacker can read, modify, or make unavailable information in the victim's browser. This affects SAP systems running vulnerable versions of the Document Builder service that have authenticated users.

💻 Affected Systems

Products:
  • SAP Document Builder
Versions: Specific versions not detailed in CVE; refer to SAP Note 3459379 for affected versions
Operating Systems: All platforms running SAP Document Builder
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the SAP Document Builder service.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal sensitive business documents, modify critical information, or disrupt business operations by making documents unavailable.

🟠 Likely Case

Data theft or manipulation of business documents through targeted attacks against specific users.

🟢 If Mitigated

Limited impact with proper file upload restrictions and user access controls in place.

🌐 Internet-Facing: MEDIUM - Requires authenticated access but could be exploited if service is exposed to internet.
🏢 Internal Only: HIGH - Internal attackers with valid credentials can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires attacker to have valid credentials and ability to upload files that victims will access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3459379

Vendor Advisory: https://me.sap.com/notes/3459379

Restart Required: Yes

Instructions:

1. Download SAP Note 3459379 from the SAP Support Portal.
2. Apply the security patch to affected SAP Document Builder installations.
3. Restart the affected services.

🔧 Temporary Workarounds

Restrict File Uploads (applies to: all)

Implement strict file upload controls and validation in SAP Document Builder.

Access Control Enhancement (applies to: all)

Implement additional authentication checks and user session validation.

🧯 If You Can't Patch

  • Implement strict file upload validation and whitelist allowed file types
  • Monitor and audit all file upload activities in SAP Document Builder

🔍 How to Verify

Check if Vulnerable:

Check if SAP Security Note 3459379 is applied in your SAP system using transaction SNOTE

Check Version:

Check SAP system version and applied notes using transaction SM51 or SM50

Verify Fix Applied:

Verify that SAP Note 3459379 is successfully implemented and that the application logs show no errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns
  • Multiple failed upload attempts
  • Access to uploaded files from unexpected IPs

Network Indicators:

  • Unusual traffic to SAP Document Builder endpoints
  • File upload requests with suspicious content

SIEM Query:

source="sap_logs" AND (event="file_upload" OR event="document_access") AND user!="*expected_users*"
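The indicators listed above (upload bursts, repeated failed uploads, document access from unexpected IPs, and activity by users outside the expected set, as in the SIEM query) can be checked offline against exported logs. The script below is an added example, not part of this advisory and not SAP's own tooling; the log lines are constructed in a simplified space-separated format that does not mirror any real SAP Document Builder log, so the parser, field names, thresholds and the `10.0.0.0/8` internal range are all assumptions to adapt to your environment.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not SAP's real format). Fields:
# timestamp event user src_ip result doc_id
SAMPLE_LOG = """\
2024-06-11T08:00:01Z file_upload alice 10.0.0.5 success doc-1001
2024-06-11T08:00:09Z file_upload alice 10.0.0.5 success doc-1002
2024-06-11T08:00:15Z file_upload alice 10.0.0.5 success doc-1003
2024-06-11T08:00:20Z file_upload alice 10.0.0.5 success doc-1004
2024-06-11T08:00:25Z file_upload alice 10.0.0.5 success doc-1005
2024-06-11T08:00:31Z file_upload alice 10.0.0.5 success doc-1006
2024-06-11T08:05:00Z file_upload bob 10.0.0.7 failed -
2024-06-11T08:05:04Z file_upload bob 10.0.0.7 failed -
2024-06-11T08:05:09Z file_upload bob 10.0.0.7 failed -
2024-06-11T08:05:13Z file_upload bob 10.0.0.7 failed -
2024-06-11T09:00:00Z document_access carol 10.0.0.9 success doc-1001
2024-06-11T09:10:00Z document_access carol 203.0.113.44 success doc-1003
2024-06-11T09:20:00Z document_access svc_batch 10.0.0.2 success doc-1002
"""


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user, ip, result, doc = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event, "user": user, "ip": ip,
            "result": result, "doc": doc,
        })
    return events


def find_upload_bursts(events, max_uploads=5, window=timedelta(minutes=1)):
    """Flag users with more than max_uploads successful uploads inside any
    sliding time window. Returns {user: largest burst size}."""
    per_user = defaultdict(list)
    for e in events:
        if e["event"] == "file_upload" and e["result"] == "success":
            per_user[e["user"]].append(e["ts"])
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            count = j - i + 1
            if count > max_uploads:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def find_failed_upload_streaks(events, threshold=3):
    """Flag users whose failed upload count reaches the threshold."""
    failures = defaultdict(int)
    for e in events:
        if e["event"] == "file_upload" and e["result"] == "failed":
            failures[e["user"]] += 1
    return {u: n for u, n in failures.items() if n >= threshold}


def find_unexpected_access_ips(events, expected_networks=("10.0.0.0/8",)):
    """Flag document accesses from outside the expected internal ranges
    (the ranges are an assumption; adjust to your network)."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    hits = []
    for e in events:
        if e["event"] != "document_access":
            continue
        addr = ipaddress.ip_address(e["ip"])
        if not any(addr in net for net in nets):
            hits.append((e["user"], e["ip"], e["doc"]))
    return hits


def find_unexpected_users(events, expected_users):
    """Equivalent of the SIEM filter: upload/access events by users that
    are not in the expected set."""
    return {e["user"] for e in events
            if e["event"] in ("file_upload", "document_access")
            and e["user"] not in expected_users}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("upload bursts:", find_upload_bursts(evs))
    print("failed upload streaks:", find_failed_upload_streaks(evs))
    print("external document access:", find_unexpected_access_ips(evs))
    print("unexpected users:", find_unexpected_users(evs, {"alice", "bob", "carol"}))
```

On the constructed sample the burst check flags alice (six uploads in 30 seconds), the failure check flags bob (four failed attempts), the IP check flags carol's access to doc-1003 from 203.0.113.44, and the user filter flags svc_batch. Thresholds are deliberately low for the demo; tune them against a baseline of normal Document Builder activity before alerting on them.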
