- Description
- An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.
- Source
- cna@sap.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Severity
- HIGH
- cna@sap.com
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_bi_content:707:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD582724-499B-448A-BCC1-308E4BF4F0E8"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_bi_content:737:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32710905-F628-494B-BD88-30BA5DC9B995"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_bi_content:747:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B67959BB-333F-4EC1-88BC-F4CB4B7185EF"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_bi_content:757:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E3ACFF9-B538-4693-939A-90426AA1DFC8"
}
],
"operator": "OR"
}
]
}
]