CVE-2023-27269: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

A directory traversal vulnerability (CVE-2023-27269) was discovered in SAP NetWeaver Application Server for ABAP and ABAP Platform affecting versions 700 through 791. The vulnerability was disclosed on March 14, 2023, and allows attackers with non-administrative privileges to exploit a directory traversal flaw in an available service (NVD).

The vulnerability is classified as a path traversal issue (CWE-22) that enables unauthorized file system access. It received a CVSS v3.1 base score of 9.6 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H, indicating network attack vector, low attack complexity, low privileges required, no user interaction needed, and changed scope with high impact on integrity and availability (NVD).

While the vulnerability does not allow data to be read, it enables attackers to overwrite potentially critical operating system files, which can render the system unavailable. The high severity rating reflects the significant potential impact on system integrity and availability (AttackerKB).

SAP has released security patches for the affected versions of NetWeaver Application Server for ABAP and ABAP Platform. Organizations running affected versions (700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791) should apply the available updates (SAP Note).