PT-2021-4349 · SAP · SAP NetWeaver
Mikhail Klyuchnikov · Published 2021-09-14 · Updated 2025-03-13 · CVE-2021-38163 · CVSS v3.1 9.9 Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver (Visual Composer 7.0 RT) versions 7.30, 7.31, 7.40, 7.50
Description
The issue is an unrestricted file upload vulnerability in the SAP NetWeaver platform, specifically in the Visual Composer 7.0 RT component. It allows an attacker authenticated as a non-administrative user to upload a malicious file over the network and trigger its processing. The malicious file can run operating system commands with the privileges of the Java Server process, enabling the attacker to read or modify any information on the server or shut the server down, making it unavailable.
Recommendations
For SAP NetWeaver (Visual Composer 7.0 RT) versions 7.30, 7.31, 7.40, 7.50, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the file upload functionality to minimize the risk of exploitation.
Restrict the privileges of the Java Server process to limit what commands an uploaded file could execute if it is processed.
Unrestricted File Upload · Path traversal
Affected Products
SAP NetWeaver