Vulnerabilities > CVE-2023-29186 - Unspecified vulnerability in SAP Netweaver

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

NVD

Published: 2023-04-11

Updated: 2024-11-21

Summary

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver 707 SAP Netweaver 737 SAP Netweaver 747 SAP Netweaver 757	4

References

https://launchpad.support.sap.com/#/notes/3305907
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3305907
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html