File Type Extension Bypass Vulnerability in SAP Process Integration Integration Builder Framework

File Type Extension Bypass Vulnerability in SAP Process Integration Integration Builder Framework

CVE-2021-27618 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.

Learn more about our Web Application Penetration Testing UK.