| |
Vulnerability CVE-2019-0327
Published: 2019-07-10
Description: |
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. |
Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.securityfocus.com/bid/109071
https://launchpad.support.sap.com/#/notes/2777910
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
|
|
|
Copyright 2024, cxsecurity.com
|
|
|