CVE-2023-27269

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791

Description The issue is related to a directory traversal flaw in an available service, allowing an attacker with non-administrative authorizations to overwrite system files. This attack does not allow data to be read, but potentially critical OS files can be overwritten, making the system unavailable. The flaw is due to incorrect restriction of the path name to a directory with limited access.

Recommendations For SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, consider disabling the vulnerable service until a patch is available to prevent exploitation of the directory traversal flaw. At the moment, there is no information about a newer version that contains a fix for this vulnerability.