Lucene search

[email protected]CVE-2023-27500

HistoryMar 14, 2023 - 6:15 a.m.

CVE-2023-27500

2023-03-1406:15:12

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-27500

directory traversal

saprsbro

system files

exploit

security vulnerability

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

32.3%

JSON

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.

Affected configurations

NVD

Node

sapnetweaver_application_server_abapMatch700

sapnetweaver_application_server_abapMatch701

sapnetweaver_application_server_abapMatch702

sapnetweaver_application_server_abapMatch731

sapnetweaver_application_server_abapMatch740

sapnetweaver_application_server_abapMatch750

sapnetweaver_application_server_abapMatch751

sapnetweaver_application_server_abapMatch752

sapnetweaver_application_server_abapMatch753

sapnetweaver_application_server_abapMatch754

sapnetweaver_application_server_abapMatch755

sapnetweaver_application_server_abapMatch756

sapnetweaver_application_server_abapMatch757

VendorProductVersionCPE
sapnetweaver_application_server_abap702cpe:/a:sap:netweaver_application_server_abap:702:::
sapnetweaver_application_server_abap700cpe:/a:sap:netweaver_application_server_abap:700:::
sapnetweaver_application_server_abap753cpe:/a:sap:netweaver_application_server_abap:753:::
sapnetweaver_application_server_abap701cpe:/a:sap:netweaver_application_server_abap:701:::
sapnetweaver_application_server_abap754cpe:/a:sap:netweaver_application_server_abap:754:::
sapnetweaver_application_server_abap740cpe:/a:sap:netweaver_application_server_abap:740:::
sapnetweaver_application_server_abap750cpe:/a:sap:netweaver_application_server_abap:750:::
sapnetweaver_application_server_abap755cpe:/a:sap:netweaver_application_server_abap:755:::
sapnetweaver_application_server_abap756cpe:/a:sap:netweaver_application_server_abap:756:::
sapnetweaver_application_server_abap752cpe:/a:sap:netweaver_application_server_abap:752:::

Vendor	Product	Version	CPE
sap	netweaver_application_server_abap	702	cpe:/a:sap:netweaver_application_server_abap:702:::
sap	netweaver_application_server_abap	700	cpe:/a:sap:netweaver_application_server_abap:700:::
sap	netweaver_application_server_abap	753	cpe:/a:sap:netweaver_application_server_abap:753:::
sap	netweaver_application_server_abap	701	cpe:/a:sap:netweaver_application_server_abap:701:::
sap	netweaver_application_server_abap	754	cpe:/a:sap:netweaver_application_server_abap:754:::
sap	netweaver_application_server_abap	740	cpe:/a:sap:netweaver_application_server_abap:740:::
sap	netweaver_application_server_abap	750	cpe:/a:sap:netweaver_application_server_abap:750:::
sap	netweaver_application_server_abap	755	cpe:/a:sap:netweaver_application_server_abap:755:::
sap	netweaver_application_server_abap	756	cpe:/a:sap:netweaver_application_server_abap:756:::
sap	netweaver_application_server_abap	752	cpe:/a:sap:netweaver_application_server_abap:752:::

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetWeaver AS for ABAP and ABAP Platform (SAPRSBRO Program)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "702"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "740"
      },
      {
        "status": "affected",
        "version": "750"
      },
      {
        "status": "affected",
        "version": "751"
      },
      {
        "status": "affected",
        "version": "752"
      },
      {
        "status": "affected",
        "version": "753"
      },
      {
        "status": "affected",
        "version": "754"
      },
      {
        "status": "affected",
        "version": "755"
      },
      {
        "status": "affected",
        "version": "756"
      },
      {
        "status": "affected",
        "version": "757"
      }
    ]
  }
]