CVE-2019-0327

Summary

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver for Java Application Server - Web Container (engineapi)< 7.1affected
SAP SESAP NetWeaver for Java Application Server - Web Container (engineapi)< 7.2affected
SAP SESAP NetWeaver for Java Application Server - Web Container (engineapi)< 7.3affected
SAP SESAP NetWeaver for Java Application Server - Web Container (engineapi)< 7.31affected
SAP SESAP NetWeaver for Java Application Server - Web Container (engineapi)< 7.4affected
SAP SESAP NetWeaver for Java Application Server - Web Container (engineapi)< 7.5affected
SAP SESAP NetWeaver for Java Application Server - Web Container (servercode)< 7.2affected
SAP SESAP NetWeaver for Java Application Server - Web Container (servercode)< 7.3affected
SAP SESAP NetWeaver for Java Application Server - Web Container (servercode)< 7.31affected
SAP SESAP NetWeaver for Java Application Server - Web Container (servercode)< 7.4affected
SAP SESAP NetWeaver for Java Application Server - Web Container (servercode)< 7.5affected

Weaknesses

  • Unrestricted File Upload

ADP Enrichment

CVE Program Container

Additional References

References