CVE-2023-27500

high-risk

Published 2023-03-14

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.

Do I need to act?

-

0.50% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.6/10 Critical

NETWORK / LOW complexity

Affected Products (13)

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Netweaver Application Server Abap

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/3302162

Vendor Advisory https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Permissions Required https://launchpad.support.sap.com/#/notes/3302162

Vendor Advisory https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

51

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 17/34 · Moderate