Code Injection Vulnerability in SAP TREX and Business Warehouse Accelerator
CVE-2017-7691

9.8CRITICAL

Key Information:

Vendor: SAP
Status: Trex
Vendor: CVE Published:; 11 April 2017

Summary

A code injection flaw has been identified in SAP's TREX and Business Warehouse Accelerator products, allowing malicious actors to execute arbitrary code. This vulnerability could lead to unauthorized actions, potentially compromising sensitive data and system integrity. SAP has addressed the issue through Security Note 2419592, advising users to apply security patches promptly to protect against potential exploits.

References

http://www.securityfocus.com/bid/97567

vdb-entryx_refsource_BID

https://blogs.sap.com/2017/04/11/sap-security-patch-day-a...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2017
Vulnerability Reserved
Apr 11, 2017