Vulnerability Details CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.884
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 9.0
Proposed Action
SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
Ransomware Campaign
Unknown
References