CVE-2023-27500

CWE-22Path Traversal3 documents3 sources
Severity
8.1HIGH
EPSS
0.5%
top 34.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Netweaver AS FOR Abap AND Abap Platform (saprsbro Program)SAP Netweaver Application Server Abap
Timeline
PublishedMar 14

Description

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HExploitability: 3.1 | Impact: 5.8

Affected Packages2 packages

NVDsap/netweaver_application13 versions+12

🔴Vulnerability Details

2
CVEList
Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform2023-03-14
GHSA
GHSA-f236-f39c-h265: An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files2023-03-14
CVE-2023-27500 (HIGH CVSS 8.1) | An attacker with non-administrative | cvebase.io