Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2023-29186

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.

  • Published: Apr 11, 2023
  • Updated: Apr 19, 2023
  • CVE: CVE-2023-29186
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
sap / netweaver 707 707.x
sap / netweaver 737 737.x
sap / netweaver 747 747.x
sap / netweaver 757 757.x