PT-2023-4101 · SAP · SAP NetWeaver

Published: 2023-07-10 · Updated: 2023-07-19 · CVE-2023-33989

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver (BI CONT ADD ON) versions 707, 737, 747, 757

Description

The issue is caused by improper restriction of a pathname to a restricted directory (directory traversal) in the SAP NetWeaver software integration platform. A remote attacker can exploit it to overwrite arbitrary files. An attacker with non-administrative authorizations can exploit the directory traversal flaw to overwrite system files, potentially leading to system compromise. However, data from confidential files cannot be read.

Recommendations

For SAP NetWeaver (BI CONT ADD ON) versions 707, 737, 747, 757, consider restricting access to the vulnerable directory traversal functionality until a patch is available. As a temporary workaround, avoid using the vulnerable function in the affected SAP NetWeaver versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-04409
CVE-2023-33989

Affected Products

SAP NetWeaver