August 6, 2024
Severity
Medium
Analysis Summary
CVE-2024-39592 CVSS:7.7
SAP PDCE could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to read sensitive information.
CVE-2024-34692 CVSS:3.3
SAP Enable Now could allow a local authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.
Impact
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-39592
- CVE-2024-34692
Affected Vendors
- SAP
Affected Products
- SAP Enable Now WPB_MANAGER_CE 10
- SAP Enable Now WPB_MANAGER_HANA 10
- SAP Enable Now ENABLE_NOW_CONSUMP_DEL 1704
- SAP PDCE S4CORE 102
- SAP PDCE S4CORE 103
- SAP PDCE S4COREOP 104
- SAP PDCE S4COREOP 105
- SAP PDCE S4COREOP 106
- SAP PDCE S4COREOP 107
- SAP PDCE S4COREOP 108
Remediation
Current SAP customers should refer to SAP for patch information, available from the SAP Website (login required).