An authenticated attacker can upload maliciousfile to SAP Document Builder service. When the victim accesses this file, theattacker is allowed to access, modify, or make the related informationunavailable in the victimβs browser.
6.5CVSS
6.4AI Score
0.0004EPSS
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
5.3CVSS
7.4AI Score
0.0005EPSS