PT-2021-17553 · Sap · Sap Process Integration

Published: 2021-05-11 · Updated: 2021-08-27 · CVE-2021-27618

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SAP Process Integration versions 7.10 through 7.50

Description

The issue concerns the Integration Builder Framework, which fails to check the file type extension of uploaded files from local sources. This oversight allows an attacker to craft and upload malicious files, potentially leading to denial of service and impacting the application's availability.

Recommendations

For versions 7.10 through 7.50, consider implementing strict file type validation to prevent the upload of malicious files until a formal fix is available. As a temporary workaround, restrict access to file upload functionality to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-27618

Affected Products

Sap Process Integration