CVE-2019-0327
N/A
N/A
Summary
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (engineapi) | < 7.1 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (engineapi) | < 7.2 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (engineapi) | < 7.3 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (engineapi) | < 7.31 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (engineapi) | < 7.4 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (engineapi) | < 7.5 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (servercode) | < 7.2 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (servercode) | < 7.3 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (servercode) | < 7.31 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (servercode) | < 7.4 | affected |
| SAP SE | SAP NetWeaver for Java Application Server - Web Container (servercode) | < 7.5 | affected |
Weaknesses
- Unrestricted File Upload
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/109071
- https://launchpad.support.sap.com/#/notes/2777910
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
References
- http://www.securityfocus.com/bid/109071
- https://launchpad.support.sap.com/#/notes/2777910
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.