Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SAP Netweaver Visual Composer Unrestricted File Upload (3084487)

🗓️ 12 Mar 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 1 Views

Authenticated non-admin users can upload files in NetWeaver Visual Composer to run OS commands with server privileges.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Path Traversal in Sap Netweaver
10 Sep 202203:41
githubexploit
ATTACKERKB		CVE-2021-38163
14 Sep 202100:00
attackerkb
Circl		CVE-2021-38163
14 Sep 202116:21
circl
CISA KEV Catalog		SAP NetWeaver Unrestricted File Upload Vulnerability
9 Jun 202200:00
cisa_kev
CNNVD		SAP NetWeaver 路径遍历漏洞
14 Sep 202100:00
cnnvd
Check Point Advisories		SAP NetWeaver Unrestricted File Upload (CVE-2021-38163)
20 Jun 202200:00
checkpoint_advisories
CVE		CVE-2021-38163
14 Sep 202111:21
cve
Cvelist		CVE-2021-38163
14 Sep 202111:21
cvelist
NCSC		Vulnerabilities fixed in SAP products
14 Sep 202100:00
ncsc
NVD		CVE-2021-38163
14 Sep 202112:15
nvd
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(301975);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/12");

  script_cve_id("CVE-2021-38163");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/30");

  script_name(english:"SAP Netweaver Visual Composer Unrestricted File Upload (3084487)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SAP Netweaver Visual Composer is affected by an unrestricted file upload vulnerability.");
  script_set_attribute(attribute:"description", value:
"SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker 
authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, 
which is capable of running operating system commands with the privilege of the Java Server process. These commands 
can be used to read or modify any information on the server or shut the server down making it unavailable.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3084487");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38163");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/12");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:sap:netweaver_visual_composer");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sap_netweaver_visual_composer_detect.nbin", "sap_netweaver_as_web_detect.nbin");
  script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "installed_sw/SAP Netweaver Visual Composer", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 8000, 50000);

  exit(0);
}

#Runs as normal Netweaver check for now, as it will only have the required keys if some form of Visual composer has been detected.
include('vcf_extras_sap.inc');

var app_info = vcf::sap_netweaver_as::get_app_info();

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var constraints = [
  {'equal' : '7.30', 'fixed_display' : 'See vendor advisory' },
  {'equal' : '7.31', 'fixed_display' : 'See vendor advisory' },
  {'equal' : '7.40', 'fixed_display' : 'See vendor advisory' },
  {'equal' : '7.50', 'fixed_display' : 'See vendor advisory' }
];

vcf::sap_netweaver_as::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Mar 2026 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.18.8 - 9.9
CVSS 29
EPSS0.83454
SSVC
NetWeaver Visual Composerunrestricted file uploadauthenticated user accessserver command executionnon administrator
1