CVE-2021-27618

Summary

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Process Integration (Integration Builder Framework)< 7.10affected
SAP SESAP Process Integration (Integration Builder Framework)< 7.11affected
SAP SESAP Process Integration (Integration Builder Framework)< 7.20affected
SAP SESAP Process Integration (Integration Builder Framework)< 7.30affected
SAP SESAP Process Integration (Integration Builder Framework)< 7.31affected
SAP SESAP Process Integration (Integration Builder Framework)< 7.40affected
SAP SESAP Process Integration (Integration Builder Framework)< 7.50affected

Weaknesses

  • Unrestricted File Upload

ADP Enrichment

CVE Program Container

Additional References

References