In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.

Related CVEs

CVE-2023-29186

Key Information

GHSA ID

GHSA-6j2v-3cg6-9w64

Published

July 6, 2023 7:24 PM

Last Modified

April 4, 2024 5:35 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 4, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.