← Back

CVE-2021-27618

nvd nist
Published: May 11, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.

Affected (7)

Sap
1 product
Netweaver Process Integration
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Process Integration
Version 7.10
Netweaver Process Integration
Version 7.11
Netweaver Process Integration
Version 7.20
Netweaver Process Integration
Version 7.30
Netweaver Process Integration
Version 7.31
Netweaver Process Integration
Version 7.40
Netweaver Process Integration
Version 7.50

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.