CVE-2023-27501: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

CVE-2023-27501 affects SAP NetWeaver AS for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791. The vulnerability was disclosed on March 14, 2023, and involves a directory traversal flaw that allows attackers to exploit insufficient validation of path information provided by users (NVD).

The vulnerability is classified as a path traversal vulnerability (CWE-22) that allows attackers to exploit insufficient validation of path information in an available service. It has received a CVSS v3.1 Base Score of 9.6 (Critical) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H, while SAP SE assigned a score of 8.7 (High) with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H (NVD).

The vulnerability allows attackers to delete system files through a directory traversal attack. While no data can be read, potentially critical OS files can be deleted, causing significant impact on both system availability and integrity. The attack can make the system unavailable, affecting business operations (NVD).

SAP has released security patches to address this vulnerability. Users should refer to SAP Security Note 3294954 for detailed mitigation instructions (SAP Note).