SAP NetWeaver AS是德国思爱普(SAP)公司的一款SAP网络应用服务器。它不仅能提供网络服务,且还是SAP软件的基本平台。
一、漏洞分析
漏洞编号:CNVD-2023-40168/CVE-2023-27269
危害等级:高危
漏洞描述:SAP NetWeaver AS存在路径遍历漏洞,该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞覆盖操作系统文件,导致系统
可用。
二、漏洞影响产品
SAP SAP NetWeaver AS 700
SAP SAP NetWeaver AS 701
SAP SAP NetWeaver AS 702
SAP SAP NetWeaver AS 731
SAP SAP NetWeaver AS 740
SAP SAP NetWeaver AS 750
SAP SAP NetWeaver AS 751
SAP SAP NetWeaver AS 752
SAP SAP NetWeaver AS 753
SAP SAP NetWeaver AS 754
SAP SAP NetWeaver AS 755
SAP SAP NetWeaver AS 756
SAP SAP NetWeaver AS 757
SAP SAP NetWeaver AS 791
三、漏洞处置建议
厂商已发布了漏洞修复程序,请及时关注更新:
https://launchpad.support.sap.com/#/notes/3294595/