Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
CVE-2023-27269

9.6 CRITICAL

Key Information:

Vendor: SAP
CVE Published: 14 March 2023

Summary

A directory traversal vulnerability in an exposed service of SAP NetWeaver Application Server for ABAP and ABAP Platform can be exploited by attackers with non-administrative privileges. Successful exploitation allows unauthorized overwriting of system files, potentially disrupting service on the overall system. The attack does not allow data exfiltration, but overwriting essential OS files can render critical services inoperable and compromise system availability.

Affected Version(s)

NetWeaver Application Server for ABAP and ABAP Platform 700

NetWeaver Application Server for ABAP and ABAP Platform 701

NetWeaver Application Server for ABAP and ABAP Platform 702

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
