SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2021-09-14T11:21:36

Updated: 2024-08-04T01:37:16.194Z

Reserved: 2021-08-07T00:00:00

Link: CVE-2021-38163

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-14T12:15:10.890

Modified: 2024-11-21T06:16:31.867

Link: CVE-2021-38163

cve-icon Redhat

No data.