CVE-2023-33989Path Traversal in SE SAP Netweaver

CWE-22Path Traversal3 documents3 sources
Severity
8.1HIGHNVD
CNA8.7
EPSS
0.3%
top 50.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP NetweaverSAP Netweaver BI Content
Timeline
PublishedJul 11

Description

An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDsap/netweaver_bi_content4 versions+3
CVEListV5sap_se/sap_netweaver4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-xhp3-g75g-8f9j: An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal2023-07-11
CVEList
Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)2023-07-11
CVE-2023-33989 — Path Traversal in SAP SE SAP Netweaver | cvebase