CVE-2021-27618

Опубликовано: 11 мая 2021

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.

Ссылки

https://launchpad.support.sap.com/#/notes/3012021
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
Vendor Advisory
https://launchpad.support.sap.com/#/notes/3012021
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00209

Низкий

4.9 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-fq48-p44p-fxj5

github

больше 3 лет назад

EPSS

Процентиль: 43%

0.00209

Низкий

4.9 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-434