Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-27501
HistoryMar 14, 2023 - 6:15 a.m.

CVE-2023-27501

2023-03-1406:15:12
CWE-22
[email protected]
web.nvd.nist.gov
30
sap
netweaver
abap
as
directory traversal
vulnerability
cve-2023-27501
nvd

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

8.9 High

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

32.0%

JSON

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity

CPENameOperatorVersion
sap:netweaver_application_server_abapsap netweaver application server abapeq700
sap:netweaver_application_server_abapsap netweaver application server abapeq701
sap:netweaver_application_server_abapsap netweaver application server abapeq702
sap:netweaver_application_server_abapsap netweaver application server abapeq731
sap:netweaver_application_server_abapsap netweaver application server abapeq740
sap:netweaver_application_server_abapsap netweaver application server abapeq750
sap:netweaver_application_server_abapsap netweaver application server abapeq751
sap:netweaver_application_server_abapsap netweaver application server abapeq752
sap:netweaver_application_server_abapsap netweaver application server abapeq753
sap:netweaver_application_server_abapsap netweaver application server abapeq754
Rows per page:
1-10 of 141

Related

prion 1
cvelist 1
nessus 1
prion
prion
Directory traversal
2023-03-14 06:15:00
cvelist
cvelist
CVE-2023-27501 Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
2023-03-14 05:06:17
nessus
nessus
SAP NetWeaver AS ABAP Multiple Vulnerabilities (March 2023)
2023-03-16 00:00:00

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

8.9 High

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

32.0%

JSON
Related for CVE-2023-27501
prion1cvelist1nessus1