Lucene search

[email protected]NVD:CVE-2021-38163

HistorySep 14, 2021 - 12:15 p.m.

CVE-2021-38163

2021-09-1412:15:10

CWE-22

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.925 High

EPSS

Percentile

99.0%

JSON

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.

Affected configurations

NVD

Node

sapnetweaverMatch7.30

sapnetweaverMatch7.31

sapnetweaverMatch7.40

sapnetweaverMatch7.50

References

launchpad.support.sap.com/#/notes/3084487

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.925 High

EPSS

Percentile

99.0%

JSON

Related for NVD:CVE-2021-38163

cvelist1 attackerkb1 prion1 githubexploit1 cve1 checkpoint_advisories1 cisa_kev1