SapCVE-2023-33989CVE-2023-33989
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
34.7%
An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | netweaver_bi_content | 707 | cpe:2.3:a:sap:netweaver_bi_content:707:*:*:*:*:*:*:* |
| sap | netweaver_bi_content | 737 | cpe:2.3:a:sap:netweaver_bi_content:737:*:*:*:*:*:*:* |
| sap | netweaver_bi_content | 747 | cpe:2.3:a:sap:netweaver_bi_content:747:*:*:*:*:*:*:* |
| sap | netweaver_bi_content | 757 | cpe:2.3:a:sap:netweaver_bi_content:757:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver (BI CONT ADD ON)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "707"
},
{
"status": "affected",
"version": "737"
},
{
"status": "affected",
"version": "747"
},
{
"status": "affected",
"version": "757"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
34.7%