CVE-2023-27501

CWE-22 — Path Traversal3 documents3 sources

Severity

9.6CRITICAL

EPSS

0.6%

top 29.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver AS FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedMar 14

Description

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:HExploitability: 2.3 | Impact: 5.8

Affected Packages2 packages

▶CVEListV5sap/netweaver_as_for_abap_and_abap_platform14 versions+13

▶NVDsap/netweaver_application14 versions+13

🔴Vulnerability Details

CVEList

Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform↗2023-03-14

▶

GHSA

GHSA-7f7j-cqf9-c9h2: SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exp↗2023-03-14

▶