发布日期：2023-03-14

更新日期：2023-06-08

受影响系统：

SAP SAP NetWeaver AS for ABAP and ABAP Platform 791

SAP SAP NetWeaver AS for ABAP and ABAP Platform 757

SAP SAP NetWeaver AS for ABAP and ABAP Platform 756

SAP SAP NetWeaver AS for ABAP and ABAP Platform 755

SAP SAP NetWeaver AS for ABAP and ABAP Platform 754

SAP SAP NetWeaver AS for ABAP and ABAP Platform 753

SAP SAP NetWeaver AS for ABAP and ABAP Platform 752

SAP SAP NetWeaver AS for ABAP and ABAP Platform 751

SAP SAP NetWeaver AS for ABAP and ABAP Platform 750

SAP SAP NetWeaver AS for ABAP and ABAP Platform 740

SAP SAP NetWeaver AS for ABAP and ABAP Platform 731

SAP SAP NetWeaver AS for ABAP and ABAP Platform 702

SAP SAP NetWeaver AS for ABAP and ABAP Platform 701

SAP SAP NetWeaver AS for ABAP and ABAP Platform 700

描述：

CVE(CAN) ID: CVE-2023-27501

SAP NetWeaver AS是德国思爱普（SAP）公司的一款SAP网络应用服务器，它不仅能提供网络服务，且还是SAP软件的基本平台。

SAP NetWeaver AS for ABAP and ABAP Platform 700、701、702、731、740、750、751、752、753、754、755、756、757和791存在路径遍历漏洞，该漏洞源于程序未对用户提供的路径信息进行正确验证，攻击者可利用该漏洞删除系统文件，进而导致系统无法使用。

< *链接：https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

*>

建议：

厂商补丁：

SAP

---

SAP已经为此发布了一个安全公告（May-2023）以及相应补丁:

May-2023：SAP Security Patch Day – May 2023

链接：https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

浏览次数：27

严重程度：0（网友投票）