CVE-2021-38163 SAP CVE debrief

Who should care

SAP NetWeaver administrators, SAP platform owners, security teams, and managed service providers responsible for SAP environments should prioritize this CVE. Any internet-facing or widely reachable SAP NetWeaver deployment should be reviewed immediately.

Technical summary

The available source material identifies CVE-2021-38163 as an unrestricted file upload vulnerability in SAP NetWeaver. The corpus does not include affected versions or the full exploitation chain, but CISA’s KEV listing confirms known exploitation and recommends applying updates per vendor instructions.

Defensive priority

High

Recommended defensive actions

• Inventory SAP NetWeaver deployments and identify any systems that may be affected.
• Apply SAP vendor-recommended updates and remediation steps as soon as possible.
• Restrict access to SAP NetWeaver systems, especially any internet-facing instances.
• Review logs and file-upload related activity for suspicious uploads or unexpected file changes.
• Track the CISA KEV due date of 2022-06-30 and confirm remediation is complete.

Evidence notes

The source corpus includes the CISA KEV record for CVE-2021-38163, which names SAP NetWeaver as the affected product, labels the issue as an unrestricted file upload vulnerability, and lists dateAdded 2022-06-09 with dueDate 2022-06-30. The record’s note points to the NVD detail page and states: “Apply updates per vendor instructions.” No CVSS score or affected-version details were provided in the supplied corpus.

Official resources