PT-2023-21176 · SAP · SAP NetWeaver AS for ABAP/ABAP Platform
Published 2023-03-14 · Updated 2023-04-11 · CVE-2023-27501
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791
Description
The affected service does not sufficiently validate path information supplied by users, so an attacker with low privileges (PR:L in the vector above) can use directory traversal to delete system files. No data can be read in this attack, but potentially critical OS files can be deleted, rendering the system unavailable; the impact on both availability and integrity is therefore significant.
Recommendations
For SAP NetWeaver AS for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, consider disabling the vulnerable service that allows directory traversal until a patch is available.
Restrict access to the system files to minimize the risk of exploitation.
Avoid using user-provided path information in the affected service until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
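The root cause described above (a user-supplied path reaching a delete operation without confinement) and the recommendation not to use user-provided path information can be illustrated with a generic confinement check. This is an added example in Python, not SAP's code and not the affected service; the scratch directory and file names are constructed for the demonstration.

```python
import os
import tempfile

class PathTraversalError(ValueError):
    """Raised when a user-supplied path escapes the allowed directory."""

def resolve_within(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir; refuse absolute paths or any escape."""
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path not allowed: {user_path!r}")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and symlinks before the containment check
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath is the safe containment test: a plain string-prefix check
    # would wrongly accept /srv/data2 as being inside /srv/data
    if os.path.commonpath([base, target]) != base:
        raise PathTraversalError(f"path escapes {base_dir!r}: {user_path!r}")
    return target

def delete_unsafe(base_dir: str, user_path: str) -> None:
    """Vulnerable shape: the user path is joined and deleted without validation."""
    os.remove(os.path.join(base_dir, user_path))

def delete_safe(base_dir: str, user_path: str) -> None:
    """Hardened shape: delete only a path proven to sit inside base_dir."""
    os.remove(resolve_within(base_dir, user_path))

def demo() -> dict:
    """Constructed scenario: a scratch tree with a file outside the service's directory."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    outside = os.path.join(root, "important.cfg")  # stands in for a critical OS file
    inside = os.path.join(uploads, "report.txt")
    for path in (outside, inside):
        open(path, "w").close()
    results = {}
    delete_unsafe(uploads, "../important.cfg")  # traversal reaches the outside file
    results["unsafe_deleted_outside"] = not os.path.exists(outside)
    open(outside, "w").close()  # restore it for the hardened variant
    try:
        delete_safe(uploads, "../important.cfg")
        results["safe_blocked"] = False
    except PathTraversalError:
        results["safe_blocked"] = os.path.exists(outside)
    delete_safe(uploads, "report.txt")  # a legitimate in-directory delete still works
    results["safe_deleted_inside"] = not os.path.exists(inside)
    return results
```

Running `demo()` shows the unvalidated variant removing the file outside its directory while the confined variant refuses the same input and still serves legitimate in-directory deletes.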
Weakness Enumeration
Path traversal
Affected Products
SAP NetWeaver AS for ABAP/ABAP Platform