Known Vulnerabilities
CVE-2024-39591
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
MEDIUM
CVSS 4.3
Published Aug 13, 2024
CVE-2024-34683
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
MEDIUM
CVSS 6.5
Published Jun 11, 2024