N/A

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.

N/A

N/A

SAP NetWeaver 安全漏洞

SAP NetWeaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台可为SAP应用提供开发和运行环境。 SAP NetWeaver 7400.12.21.30308版本中存在安全漏洞。远程攻击者可通过向metadatauploader发送带有特制序列化Java对象的请求利用该漏洞造成拒绝服务，可能执行任意代码。

N/A

N/A