SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NSap Netweaver
APPSap7.107.117.207.307.317.407.50
Related vulnerabilities
SAP NetWeaver Visual Composer — niebezpieczna deserializacja treści
SAP NetWeaver: nieautoryzowany upload plików wykonywalnych w Visual Composer
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker aut...
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an ...
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() ...