Vulnerabilities > CVE-2023-33989 - Unspecified vulnerability in SAP Netweaver BI Content

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

NVD

Published: 2023-07-11

Updated: 2024-11-21

Summary

An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver BI Content 737 SAP Netweaver BI Content 747 SAP Netweaver BI Content 757 SAP Netweaver BI Content 707	4

References

https://me.sap.com/notes/3331376
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://me.sap.com/notes/3331376
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html