What is the severity of CVE-2023-29186?

The severity of CVE-2023-29186 is high.

Which versions of SAP NetWeaver (BI CONT ADDON) are affected by CVE-2023-29186?

Versions 707, 737, 747, and 757 of SAP NetWeaver (BI CONT ADDON) are affected by CVE-2023-29186.

How can an attacker exploit CVE-2023-29186?

An attacker can exploit CVE-2023-29186 by exploiting a directory traversal flaw in a report to upload and overwrite files on the SAP server.

Can an attacker read data through CVE-2023-29186?

No, data cannot be read through CVE-2023-29186, but a remote attacker with sufficient privileges can potentially overwrite critical OS files.

Are there any security notes or references related to CVE-2023-29186?

Yes, you can refer to the following security notes for more information on CVE-2023-29186: [Link 1](https://launchpad.support.sap.com/#/notes/3305907) and [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).

Vulnerability/
CVE-2023-29186

high

8.7

CWE

11/4/2023

7/2/2025

CVE-2023-29186: Directory/Path Traversal vulnerability in SAP NetWeaver.

First published: Tue Apr 11 2023(Updated: )

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP NetWeaver	=707
SAP NetWeaver	=737
SAP NetWeaver	=747
SAP NetWeaver	=757

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-29186?
The severity of CVE-2023-29186 is high.
Which versions of SAP NetWeaver (BI CONT ADDON) are affected by CVE-2023-29186?
Versions 707, 737, 747, and 757 of SAP NetWeaver (BI CONT ADDON) are affected by CVE-2023-29186.
How can an attacker exploit CVE-2023-29186?
An attacker can exploit CVE-2023-29186 by exploiting a directory traversal flaw in a report to upload and overwrite files on the SAP server.
Can an attacker read data through CVE-2023-29186?
No, data cannot be read through CVE-2023-29186, but a remote attacker with sufficient privileges can potentially overwrite critical OS files.
Are there any security notes or references related to CVE-2023-29186?
Yes, you can refer to the following security notes for more information on CVE-2023-29186: [Link 1](https://launchpad.support.sap.com/#/notes/3305907) and [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/title
agent/severity
agent/first-publish-date
agent/author
agent/source
agent/tags
agent/description
agent/event
vendor/sap
canonical/sap netweaver
version/sap netweaver/707
version/sap netweaver/737
version/sap netweaver/747
version/sap netweaver/757

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.