CVE-2021-38163

Confirmed PUBLISHED

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative...

SAP SE · SAP NetWeaver (Visual Composer 7.0 RT)
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.9 Critical

At a Glance

SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.

cisa java
CVE Published
Sep 14, 2021
Exploitation Reported
Jun 09, 2022
CVSS
9.9 Critical
EPSS
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
SAP SE
SAP NetWeaver (Visual Composer 7.0 RT)

7.30

Affected
SAP SE
SAP NetWeaver (Visual Composer 7.0 RT)

7.31

Affected
SAP SE
SAP NetWeaver (Visual Composer 7.0 RT)

7.40

Affected
SAP SE
SAP NetWeaver (Visual Composer 7.0 RT)

7.50

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.