File Upload Vulnerability in SAP NetWeaver for Java Application Server
CVE-2019-0327

7.2HIGH

Summary

The vulnerability in SAP NetWeaver for Java Application Server's web container and server code allows attackers to upload files, including harmful script files, due to inadequate validation of file formats. This susceptibility could be exploited to execute arbitrary code on the server, posing a significant risk to the integrity and functionality of affected applications.

Affected Version(s)

SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.1 < 7.1

SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.2 < 7.2

SAP NetWeaver for Java Application Server - Web Container (engineapi) < 7.3 < 7.3

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.