Описание
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.
Ссылки
- Third Party AdvisoryVDB Entry
- Broken Link
- Permissions Required
- Third Party AdvisoryVDB Entry
- Broken Link
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sap:netweaver:7400.12.21.30308:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01857
Низкий
7.5 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
EPSS
Процентиль: 83%
0.01857
Низкий
7.5 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-502