CVE-2023-29186: Path Traversal
First published: Tue Apr 11 2023(Updated: )
In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver | =707 | |
| SAP NetWeaver | =737 | |
| SAP NetWeaver | =747 | |
| SAP NetWeaver | =757 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-29186?
The severity of CVE-2023-29186 is high.
Which versions of SAP NetWeaver (BI CONT ADDON) are affected by CVE-2023-29186?
Versions 707, 737, 747, and 757 of SAP NetWeaver (BI CONT ADDON) are affected by CVE-2023-29186.
How can an attacker exploit CVE-2023-29186?
An attacker can exploit CVE-2023-29186 by exploiting a directory traversal flaw in a report to upload and overwrite files on the SAP server.
Can an attacker read data through CVE-2023-29186?
No, data cannot be read through CVE-2023-29186, but a remote attacker with sufficient privileges can potentially overwrite critical OS files.
Are there any security notes or references related to CVE-2023-29186?
Yes, you can refer to the following security notes for more information on CVE-2023-29186: [Link 1](https://launchpad.support.sap.com/#/notes/3305907) and [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
- collector/nvd-index
- agent/references
- vendor/sap
- canonical/sap netweaver
- version/sap netweaver/707
- version/sap netweaver/737
- version/sap netweaver/747
- version/sap netweaver/757