File Upload Vulnerability in SAP NetWeaver for Java Application Server
CVE-2019-0327
7.2HIGH
Key Information:
- Vendor
- SAP
- Status
- Vendor
- CVE Published:
- 10 July 2019
Summary
The vulnerability in SAP NetWeaver for Java Application Server's web container and server code allows attackers to upload files, including harmful script files, due to inadequate validation of file formats. This susceptibility could be exploited to execute arbitrary code on the server, posing a significant risk to the integrity and functionality of affected applications.
Affected Version(s)
SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.1 < 7.1
SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.2 < 7.2
SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.3 < 7.3
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved