CVE-2023-29186 HIGH

CVE-2023-29186: Directory/Path Traversal vulnerability in SAP NetWeaver.

Vendor SAP
Product NetWeaver (BI CONT ADDON)
Weakness CWE-22 · Path traversal
Published April 11, 2023
Last update February 7, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01 Description

In SAP NetWeaver (BI CONT ADDON), versions 707, 737, 747 and 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read, but if a remote attacker has sufficient (administrative) privileges, potentially critical OS files can be overwritten, making the system unavailable.

Key dates

02 Disclosure timeline

April 11, 2023 CVE published
February 7, 2025 Record updated