All vulnerabilities
CVE-2021-38163
SAP NetWeaver Unrestricted File Upload Vulnerability
SAP — NetWeaver
- Added to KEV catalog
- 9 June 2022
- Federal remediation due date
- 30 June 2022
- Weakness classification (CWE)
- CWE-23
CISA Description
SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38163
More SAP Vulnerabilities
CVE-2025-42999
SAP NetWeaver Deserialization Vulnerability
CVE-2025-31324
SAP NetWeaver Unrestricted File Upload Vulnerability
CVE-2017-12637
SAP NetWeaver Directory Traversal Vulnerability
CVE-2019-0344
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
CVE-2022-22536
SAP Multiple Products HTTP Request Smuggling Vulnerability
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services