Description
FTP Function of SAP NetWeaver AS ABAP Platform allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Some well-known impacts of Code Injection vulnerability are
- Unauthorized execution of commands
- Sensitive information disclosure
- Denial of Service
Available fix and Supported packages
- KRNL32NUC | 7.21 | 7.21
- KRNL32NUC | 7.21EXT | 7.21EXT
- KRNL32UC | 7.21 | 7.21
- KRNL32UC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.21 | 7.21
- KRNL64NUC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.22 | 7.22
- KRNL64NUC | 7.22EXT | 7.22EXT
- KRNL64NUC | 7.49 | 7.49
- KRNL64UC | 7.21 | 7.21
- KRNL64UC | 7.21EXT | 7.21EXT
- KRNL64UC | 7.22 | 7.22
- KRNL64UC | 7.22EXT | 7.22EXT
- KRNL64UC | 7.49 | 7.49
- KRNL64UC | 7.53 | 7.53
- KRNL64UC | 7.73 | 7.73
- KERNEL | 7.21 | 7.22
- KERNEL | 7.45 | 7.45
- KERNEL | 7.49 | 7.49
- KERNEL | 7.53 | 7.53
- KERNEL | 7.73 | 7.73
- SAP KERNEL 7.21 32-BIT | SP1120 | 001120
- SAP KERNEL 7.21 32-BIT UNICODE | SP1120 | 001120
- SAP KERNEL 7.21 64-BIT | SP1120 | 001120
- SAP KERNEL 7.21 64-BIT UNICODE | SP1120 | 001120
- SAP KERNEL 7.21 EXT 64-BIT | SP1120 | 001120
- SAP KERNEL 7.21 EXT 64-BIT UC | SP1120 | 001120
- SAP KERNEL 7.22 64-BIT | SP810 | 000810
- SAP KERNEL 7.22 64-BIT UNICODE | SP810 | 000810
- SAP KERNEL 7.22 EXT 64-BIT | SP810 | 000810
- SAP KERNEL 7.22 EXT 64-BIT UC | SP810 | 000810
- SAP KERNEL 7.45 64-BIT | SP900 | 000900
- SAP KERNEL 7.45 64-BIT UNICODE | SP900 | 000900
- SAP KERNEL 7.49 64-BIT | SP616 | 000616
- SAP KERNEL 7.49 64-BIT UNICODE | SP616 | 000616
- SAP KERNEL 7.53 64-BIT | SP314 | 000314
- SAP KERNEL 7.53 64-BIT UNICODE | SP314 | 000314
- SAP KERNEL 7.73 64-BIT UNICODE | SP028 | 000028
Affected component
- BC-SRV-COM-FTP
File Transfer via FTP
CVSS
Score: 5.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2719530
