CVE-2021-38163

🗓️ 14 Sep 2021 11:21:36Reported by sapType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 1009 Views

SAP NetWeaver (Visual Composer 7.0 RT) Authenticated RCE

Reporter	Title	Published	Views	Family All 16
GithubExploit	Exploit for Path Traversal in Sap Netweaver	10 Sep 202203:41	–	githubexploit
ATTACKERKB	CVE-2021-38163	14 Sep 202100:00	–	attackerkb
BDU FSTEC	The vulnerability of the Visual Composer browser-based modeling tool of the SAP NetWeaver software integration platform allows a perpetrator to escalate their privileges, execute arbitrary commands, or cause service interruptions.	13 Oct 202100:00	–	bdu_fstec
Circl	CVE-2021-38163	14 Sep 202116:21	–	circl
CISA KEV Catalog	SAP NetWeaver Unrestricted File Upload Vulnerability	9 Jun 202200:00	–	cisa_kev
CNNVD	SAP NetWeaver 路径遍历漏洞	14 Sep 202100:00	–	cnnvd
Check Point Advisories	SAP NetWeaver Unrestricted File Upload (CVE-2021-38163)	20 Jun 202200:00	–	checkpoint_advisories
Cvelist	CVE-2021-38163	14 Sep 202111:21	–	cvelist
NCSC	Vulnerabilities fixed in SAP products	14 Sep 202100:00	–	ncsc
NVD	CVE-2021-38163	14 Sep 202112:15	–	nvd

NVD

Vulners

Node

sap netweaverMatch7.30

sap netweaverMatch7.31

sap netweaverMatch7.40

sap netweaverMatch7.50

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver (Visual Composer 7.0 RT)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

Source	Link
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
launchpad	www.launchpad.support.sap.com/
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

25 Feb 2026 13:46Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18.8 - 9.9

CVSS 29

EPSS0.83454

SSVC