Name of the Vulnerable Software and Affected Versions SAP NetWeaver (affected versions not specified)

Description The issue exists due to incorrect restriction of the directory path name with limited access in the Log Viewer component of the SAP NetWeaver platform. This allows an attacker to bypass directory restrictions and execute arbitrary code on the server by exploiting the fact that the web application recognizes symbols such as . and / as part of a correct file path. This can lead to system compromise, excessive load on the file system or database, spread of the attack to server systems, and data tampering through a specially crafted archive containing files with special symbols in their names, which are uploaded to an arbitrary location on the server's file system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.