CVE-2023-27269

CWE-22 — Path Traversal CWE-862 — Missing Authorization3 documents3 sources

Severity

9.6CRITICAL

EPSS

0.6%

top 29.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver Application Server FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedMar 14

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HExploitability: 3.1 | Impact: 5.8

Affected Packages2 packages

▶CVEListV5sap/netweaver_application_server_for_abap_and_abap_platform14 versions+13

▶NVDsap/netweaver_application14 versions+13

🔴Vulnerability Details

CVEList

Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform↗2023-03-14

▶

GHSA

GHSA-7485-mwrm-rhqr: SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an↗2023-03-14

▶