CVE-2023-29186

Directory/Path Traversal vulnerability in SAP NetWeaver.

CVSS 8.7 HIGH | EPSS 23.0% | CWE-22
In short

A flaw in SAP NetWeaver allows attackers with administrative access to bypass file upload restrictions and overwrite critical files on the server, potentially crashing the system. While attackers cannot read files through this vulnerability, they can damage or destroy important system files.

Technical detail

A directory traversal vulnerability in SAP NetWeaver BI CONT ADDON (versions 707, 737, 747, 757) permits authenticated attackers with elevated privileges to upload and overwrite arbitrary files via a report interface, bypassing path validation controls. The attack vector requires administrative credentials and can result in denial of service by corrupting critical OS files; confidentiality is not impacted as file read access is not possible.

Summary generated and translated by AI from the official description.
In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
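The root cause described above is an upload path check that can be sidestepped. As an added illustration (not code from SAP or from the advisory), the following Python contrasts a weak substring check with a canonicalise-then-confine check for an upload target; the upload root and the sample file names are constructed assumptions, and the confinement works on strings only, so a production handler must additionally resolve symlinks (realpath) against the live filesystem.

```python
import posixpath
from typing import Dict, Optional, Tuple

# Constructed upload root for the demo; not a path taken from the advisory.
UPLOAD_ROOT = "/srv/sap/uploads"


def weak_check(name: str) -> bool:
    """Weak validation: rejects the literal '../' token and nothing else.
    Absolute paths and other spellings of the same target pass through."""
    return "../" not in name


def confine_to_root(name: str, root: str = UPLOAD_ROOT) -> Optional[str]:
    """Hardened validation: join, canonicalise, then require that the result
    is still a path strictly inside root. Returns the absolute target on
    success, None when the supplied name would escape the upload root."""
    if not name:
        return None
    # Join first, canonicalise second: normpath collapses '.', '..' and
    # repeated separators, so the containment test sees the real target.
    candidate = posixpath.normpath(posixpath.join(root, name))
    # commonpath, not startswith: a startswith test would wrongly accept
    # '/srv/sap/uploads2/x' as a child of '/srv/sap/uploads'.
    if candidate == root or posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def evaluate(names) -> Dict[str, Tuple[bool, Optional[str]]]:
    """Run both validators over supplied names and report, per name,
    (weak_check verdict, hardened canonical path or None)."""
    return {n: (weak_check(n), confine_to_root(n)) for n in names}


# Constructed sample inputs an upload handler might receive.
SAMPLES = [
    "report.txt",            # ordinary file name: both accept
    "sub/./report.txt",      # harmless, normalises to sub/report.txt
    "../../etc/hosts",       # classic traversal: both reject
    "sub/../../secret.cfg",  # traversal starting from a subdirectory
    "/etc/hosts",            # absolute path: weak_check accepts it
    "/srv/sap/uploads2/x",   # sibling-prefix trap for startswith checks
]

if __name__ == "__main__":
    for name, (weak_ok, safe_path) in evaluate(SAMPLES).items():
        print(f"{name!r:24} weak={'accept' if weak_ok else 'reject':6} "
              f"hardened={safe_path or 'reject'}")
```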
