Description
Application Server Java Web Container allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Some well-known impacts of Code Injection vulnerability are
- Unauthorized execution of commands
- Sensitive information disclosure
- Denial of Service
Available fix and Supported packages
- ENGINEAPI | 7.10 | 7.11
- ENGINEAPI | 7.20 | 7.20
- ENGINEAPI | 7.30 | 7.30
- ENGINEAPI | 7.31 | 7.31
- ENGINEAPI | 7.40 | 7.40
- ENGINEAPI | 7.50 | 7.50
- SAP-JEECOR | 7.00 | 7.00
- SAP-JEECOR | 6.40 | 6.40
- SAP-JEECOR | 7.01 | 7.02
- ENGINEAPI 7.10 | SP022 | 000004
- ENGINEAPI 7.10 | SP023 | 000002
- ENGINEAPI 7.10 | SP024 | 000001
- ENGINEAPI 7.10 | SP025 | 000000
- ENGINEAPI 7.11 | SP017 | 000004
- ENGINEAPI 7.11 | SP018 | 000002
- ENGINEAPI 7.11 | SP019 | 000001
- ENGINEAPI 7.11 | SP020 | 000000
- ENGINEAPI 7.20 | SP009 | 000052
- ENGINEAPI 7.30 | SP017 | 000012
- ENGINEAPI 7.30 | SP018 | 000008
- ENGINEAPI 7.30 | SP019 | 000004
- ENGINEAPI 7.30 | SP020 | 000000
- ENGINEAPI 7.31 | SP020 | 000013
- ENGINEAPI 7.31 | SP021 | 000010
- ENGINEAPI 7.31 | SP022 | 000007
- ENGINEAPI 7.31 | SP023 | 000006
- ENGINEAPI 7.31 | SP024 | 000003
- ENGINEAPI 7.31 | SP025 | 000000
- ENGINEAPI 7.31 | SP026 | 000000
Affected component
- BC-JAS-WEB
Web Container, HTTP, JavaMail, Servlets
CVSS
Score: 9.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2798336
