SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.
[
{
"product": "SAP NetWeaver for Java Application Server - Web Container (engineapi) ",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 7.1"
},
{
"status": "affected",
"version": "< 7.2"
},
{
"status": "affected",
"version": "< 7.3"
},
{
"status": "affected",
"version": "< 7.31"
},
{
"status": "affected",
"version": "< 7.4"
},
{
"status": "affected",
"version": "< 7.5"
}
]
},
{
"product": "SAP NetWeaver for Java Application Server - Web Container (servercode)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 7.2"
},
{
"status": "affected",
"version": "< 7.3"
},
{
"status": "affected",
"version": "< 7.31"
},
{
"status": "affected",
"version": "< 7.4"
},
{
"status": "affected",
"version": "< 7.5"
}
]
}
]