Description
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.30 – < 7.30
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.31 – < 7.31
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.40 – < 7.40
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.50 – < 7.50