Description
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3448171
Scores
CVSS v3
9.6
EPSS
0.0057
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-434
Status
published
Products (14)
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 702
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 700
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 701
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 731
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 740
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 750
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 751
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 752
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 753
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 754
... and 4 more
Published
May 14, 2024
Tracked Since
Feb 18, 2026