CVE-2023-27500

Summary

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)700affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)701affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)702affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)731affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)740affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)750affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)751affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)752affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)753affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)754affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)755affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)756affected
SAPNetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)757affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References