SAP NetWeaver AS Java Arbitrary File Upload Vulnerability Allowing Full System Compromise

Vulnerability

An arbitrary file upload vulnerability has been identified in SAP NetWeaver AS Java. This issue allows an authenticated non-administrative user to upload files through a flawed service. Once uploaded, these files can be executed, potentially leading to a complete compromise of the system's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in a full compromise of the system, allowing unauthorized access to sensitive information, manipulation of data, and disruption of services.

Remediation

Users are advised to review and implement the latest SAP Security Notes. Security fixes for SAP NetWeaver-based products are delivered with the support packages. For information on the latest SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin.

Added: Sep 9, 2025, 2:29 AM
Updated: Sep 9, 2025, 2:29 AM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 4.9
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.