CVE-2019-0327

CWE-434Unrestricted File Upload3 documents3 sources
Severity
7.2HIGH
EPSS
0.7%
top 27.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP SE SAP Netweaver FOR Java Application Server - WEB Container (engineapi)SAP SE SAP Netweaver FOR Java Application Server - WEB Container (servercode)SAP Netweaver Application Server Java
Timeline
PublishedJul 10
Latest updateMay 24

Description

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

NVDsap/netweaver_application6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-8q67-xv24-8p86: SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 72022-05-24
CVEList
CVE-2019-0327: SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 72019-07-10
CVE-2019-0327 (HIGH CVSS 7.2) | SAP NetWeaver for Java Application | cvebase.io