Remote File Read Vulnerability in SAP TREX 7.10 by SAP
CVE-2016-6139

9.8CRITICAL

Key Information:

Vendor
SAP
Status
Trex
Vendor
CVE Published:
5 August 2016

Summary

SAP TREX 7.10 Revision 63 contains a vulnerability that allows remote attackers to read arbitrary files through unspecified vectors. This weakness can be exploited to gain unauthorized access to sensitive information, making it critical for organizations using SAP TREX to apply noted security patches and implementation best practices as outlined in SAP Security Note 2203591.

References

http://packetstormsecurity.com/files/138438/SAP-TREX-7.10...
x_refsource_MISC
http://www.securityfocus.com/bid/92063
vdb-entryx_refsource_BID
https://www.onapsis.com/blog/analyzing-sap-security-notes...
x_refsource_MISC

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.