PT-2023-22189 · Sap · Sap Netweaver

Published: 2023-04-11 · Updated: 2023-04-18 · CVE-2023-29186

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver (BI CONT ADDON) versions 707, 737, 747, 757

Description: A directory traversal flaw in a report allows an attacker to upload and overwrite files on the SAP server. Data cannot be read, but a remote attacker with sufficient administrative privileges can potentially overwrite critical OS files, making the system unavailable.

Recommendations: To prevent exploitation of the directory traversal flaw on versions 707, 737, 747, 757, consider disabling the report feature that allows file uploads until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2023-29186

Affected Products: Sap Netweaver