Rewterz Threat Advisory – CVE-2023-28765 – SAP BusinessObjects Business Intelligence Platform Vulnerability
April 12, 2023
Rewterz Threat Advisory – ICS: Mitsubishi Electric Factory Automation Engineering Vulnerability
April 12, 2023
Severity
High
Analysis Summary
CVE-2023-29186
SAP NetWeaver could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to overwrite arbitrary files on the system.
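For log triage, the following added example (not part of the advisory and not SAP code) flags requests whose target contains a "dot dot" segment, including percent-encoded and double-encoded forms. The access-log layout, paths and user names are constructed assumptions, not details of the affected SAP component.

```python
import re
from urllib.parse import unquote

# Assumed log layout: common log format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

def fully_decode(target: str) -> str:
    """Percent-decode repeatedly so %252e%252e is seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_traversal(target: str) -> bool:
    """True if any path or parameter segment is exactly '..' after decoding."""
    decoded = fully_decode(target).replace("\\", "/")
    segments = re.split(r"[/?&=;]", decoded)
    return ".." in segments

def scan(log_lines):
    """Return (line_number, request_target) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Apr/2023:10:00:01 +0000] "GET /app/report?id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [12/Apr/2023:10:00:07 +0000] "POST /app/upload/../../conf/settings HTTP/1.1" 200 0',
    '10.0.0.9 - bob [12/Apr/2023:10:00:09 +0000] "POST /app/upload?name=%2e%2e%2f%2e%2e%2fconf HTTP/1.1" 200 0',
    '10.0.0.9 - bob [12/Apr/2023:10:00:12 +0000] "POST /app/upload?name=%252e%252e%255cconf HTTP/1.1" 403 0',
    '10.0.0.7 - carol [12/Apr/2023:10:00:15 +0000] "GET /app/docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A name such as `v1..2` is not flagged because the check matches whole segments rather than the substring `..`, which keeps false positives down on versioned file names.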
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-29186
Affected Vendors
SAP
Affected Products
- SAP NetWeaver 707
- SAP NetWeaver 737
- SAP NetWeaver 747
- SAP NetWeaver 757
Remediation
Current SAP customers should refer to the SAP Security Advisory for patch information, available from the SAP website (login required).