VDB
CISA-2023-27501
CISA-2023-27501
PUBLISHED
CVSS 8.7 HIGH
Reported by sap · Published March 14, 2023
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity
Risk Scores
CVSS 3.1
8.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver AS for ABAP and ABAP Platform | 700, 701, 702 |
| SAP | NetWeaver AS for ABAP and ABAP Platform | 700, 701, 702 |
Timeline
- Mar 14, 2023 CVE Published
- Feb 27, 2025 CVE Updated