CVE-2021-27618
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
11/05/2021
Last modified:
27/08/2021
Description
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.
Impact
Base Score 3.x
4.90
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page