Vulnerability Details CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2021-27618
-
cpe:2.3:a:sap:netweaver_process_integration:7.10
-
cpe:2.3:a:sap:netweaver_process_integration:7.11
-
cpe:2.3:a:sap:netweaver_process_integration:7.20
-
cpe:2.3:a:sap:netweaver_process_integration:7.30
-
cpe:2.3:a:sap:netweaver_process_integration:7.31
-
cpe:2.3:a:sap:netweaver_process_integration:7.40
-
cpe:2.3:a:sap:netweaver_process_integration:7.50