SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2021-09-14T11:21:36
Updated: 2024-08-04T01:37:16.194Z
Reserved: 2021-08-07T00:00:00
Link: CVE-2021-38163
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-09-14T12:15:10.890
Modified: 2024-11-21T06:16:31.867
Link: CVE-2021-38163
Redhat
No data.