Threat Advisories - NVD Disclosed September 14, 2021

CVE-2021-38163

SAP NetWeaver Allows Unauthorized Command Execution.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An authenticated user can upload a malicious file to SAP NetWeaver Visual Composer, leading to operating system command execution. This can result in data compromise or server unavailability, posing a business risk.

NVD published: September 14, 2021 • CISA KEV