CVE-2017-16682

7.2HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Internet Transaction Server (its)
Vendor: CVE Published:; 12 December 2017

Summary

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.

Affected Version(s)

SAP NetWeaver Internet Transaction Server (ITS) from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52

References

http://www.securityfocus.com/bid/102143

vdb-entryx_refsource_BID

https://blogs.sap.com/2017/12/12/sap-security-patch-day-d...

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2526781

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2017
Vulnerability Reserved
Nov 9, 2017

.