VDB

CVE-2021-38163

CVE-2021-38163 PUBLISHED KEV CVSS 9.899999618530273 CRITICAL

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.

EPSS 83.96% · 99.3th percentile

Risk Scores

CVSS v3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
83.96%
99.3th percentile

Affected Products

VendorProductVersions
sapnetweaver7.50, 7.30, 7.31
SAP SESAP NetWeaver (Visual Composer 7.0 RT)7.50, 7.30, 7.31

Timeline

  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›