File Upload Vulnerability in SAP NetWeaver for Java Application Server
CVE-2019-0327

7.2HIGH

Key Information:

Vendor
SAP
Status
SAP Netweaver For Java Application Server - Web Container (engineapi)
SAP Netweaver For Java Application Server - Web Container (servercode)
Vendor
CVE Published:
10 July 2019

Summary

The vulnerability in SAP NetWeaver for Java Application Server's web container and server code allows attackers to upload files, including harmful script files, due to inadequate validation of file formats. This susceptibility could be exploited to execute arbitrary code on the server, posing a significant risk to the integrity and functionality of affected applications.

Affected Version(s)

SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.1 < 7.1

SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.2 < 7.2

SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.3 < 7.3

References

http://www.securityfocus.com/bid/109071
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2777910
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.