CVE-2016-6147

9.8CRITICAL

Key Information:

Vendor: SAP
Status: Trex
Vendor: CVE Published:; 5 August 2016

Summary

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

References

http://www.securityfocus.com/bid/92066

vdb-entryx_refsource_BID

https://www.onapsis.com/blog/analyzing-sap-security-notes...

x_refsource_MISC

http://seclists.org/fulldisclosure/2016/Aug/94

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2016
Vulnerability Reserved
Jul 1, 2016