Description
UPDATE 22nd December 2020: This note has been re-released with updated ‘Support Packages & Patches’ information. The fix has also been provided for the versions SR UI 7.40 SP 017 and SR UI 7.31 SP 022.
The UDDI Server of SAP NetWeaver Application Server for Java allows an attacker to execute arbitrary OS commands without holding the required permissions (a privilege escalation vulnerability). The potential impact is complete compromise of the confidentiality, integrity and availability of the server's operating system.
Available fix and support packages

Affected software component releases:

| Software Component | From | To |
| --- | --- | --- |
| SR-UI | 7.20 | 7.20 |
| SR-UI | 7.30 | 7.30 |
| SR-UI | 7.31 | 7.31 |
| SR-UI | 7.40 | 7.40 |
| SR-UI | 7.50 | 7.50 |

Support packages & patches:

| Software Component | Support Package | Patch Level |
| --- | --- | --- |
| SR UI 7.20 | SP009 | 000005 |
| SR UI 7.30 | SP018 | 000002 |
| SR UI 7.30 | SP019 | 000002 |
| SR UI 7.30 | SP020 | 000001 |
| SR UI 7.30 | SP021 | 000000 |
| SR UI 7.31 | SP022 | 000002 |
| SR UI 7.31 | SP023 | 000002 |
| SR UI 7.31 | SP024 | 000002 |
| SR UI 7.31 | SP025 | 000001 |
| SR UI 7.31 | SP026 | 000001 |
| SR UI 7.31 | SP027 | 000001 |
| SR UI 7.31 | SP028 | 000000 |
| SR UI 7.40 | SP017 | 000002 |
| SR UI 7.40 | SP018 | 000002 |
| SR UI 7.40 | SP019 | 000002 |
| SR UI 7.40 | SP020 | 000001 |
| SR UI 7.40 | SP021 | 000001 |
| SR UI 7.40 | SP022 | 000001 |
| SR UI 7.40 | SP023 | 000000 |
| SR UI 7.50 | SP013 | 000002 |
Affected component
- BC-ESI-UDDI (UDDI Server)
CVSS
Score: 9.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2979062