The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3012021 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2021-05-11T14:19:33
Updated: 2021-05-11T14:19:33
Reserved: 2021-02-23T00:00:00
Link: CVE-2021-27618
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-11T15:15:08.440
Modified: 2021-08-27T17:38:51.547
Link: CVE-2021-27618
JSON object: View
Redhat Information
No data.
CWE