|Number of vulnerabilities||1|
|Public exploit||Vulnerability #1 is being exploited in the wild.|
Server applications / Application servers
This security bulletin contains one medium risk vulnerability.
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: YesDescription
The vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload within the Visual Composer 7.0 RT in SAP NetWeaver. A remote user can upload a malicious file and execute it on the server.Mitigation
Install updates from vendor's website.Vulnerable software versions
SAP NetWeaver: 7.30 - 7.50
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?