CISA KEV 정보
| 취약점명 | SAP NetWeaver Unrestricted File Upload Vulnerability |
|---|---|
| 설명 | SAP NetWeaver contains a vulnerability that allows unrestricted file upload. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-23 |
| 등록일 (KEV) | 2022-06-09 |
| 조치 기한 | 2022-06-30 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2021-38163 |
NVD 상세 정보
CVSS v3.1: 9.9 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HCVSS v2.0: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C설명: SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
CWE: CWE-22 | CWE-22
참조
- https://launchpad.support.sap.com/#/notes/3084487 [Permissions Required]
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 [Broken Link, Vendor Advisory]
- https://launchpad.support.sap.com/#/notes/3084487 [Permissions Required]
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 [Broken Link, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38163 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.