File Upload Vulnerability in SAP Process Integration Framework
CVE-2021-27618
4.9MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 11 May 2021
What is CVE-2021-27618?
The Integration Builder Framework of SAP Process Integration does not provide sufficient checks on the file type extensions for files uploaded from local sources. This vulnerability allows an attacker to upload a crafted malicious file, potentially leading to denial of service and disrupting the availability of the application. It is crucial for users to implement necessary security measures and updates to mitigate the risks associated with this oversight.
Affected Version(s)
SAP Process Integration (Integration Builder Framework) < 7.10 < 7.10
SAP Process Integration (Integration Builder Framework) < 7.11 < 7.11
SAP Process Integration (Integration Builder Framework) < 7.20 < 7.20