CVE-2023-29186
published 2023-04-11

Priority: P3 50
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS: 23.04% (97.5th percentile)

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read, but if a remote attacker has sufficient (administrative) privileges, then potentially critical OS files can be overwritten, making the system unavailable.

Affected

4 ranges
Vendor    Product      Version range    Fixed in
sap       netweaver
sap       netweaver
sap       netweaver
sap       netweaver