CVE-2023-33989 HIGH

CVE-2023-33989: Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

Vendor Sap_Se
Product SAP NetWeaver (BI CONT ADD ON)
Weakness CWE-22 · Path traversal
Published July 11, 2023
Last update October 23, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01 Description

An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON), versions 707, 737, 747 and 757, can exploit a directory traversal flaw to overwrite system files. Data from confidential files cannot be read, but some OS files can potentially be overwritten, leading to system compromise.

Key dates

02 Disclosure timeline

July 11, 2023 CVE published
October 23, 2024 Record updated