CVE-2023-29186

Summary

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver (BI CONT ADDON)707affected
SAPNetWeaver (BI CONT ADDON)737affected
SAPNetWeaver (BI CONT ADDON)747affected
SAPNetWeaver (BI CONT ADDON)757affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References