Vulnerability CVE-2016-6146


Published: 2016-09-27

Description:
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.

See advisories in our WLB2 database:
Topic
Author
Date
Low
SAP TREX 7.10 Revision 63 NameServer TNS Information Disclosure
Multiple
22.08.2016

Type:

CWE-201

(Information Exposure Through Sent Data)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
SAP -> TREX 

 References:
http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver
http://packetstormsecurity.com/files/138445/SAP-TREX-7.10-Revision-63-NameServer-TNS-Information-Disclosure.html
http://scn.sap.com/community/security/blog/2015/12/09/sap-security-notes-december-2015--review
http://seclists.org/fulldisclosure/2016/Aug/93
https://layersevensecurity.com/wp-content/uploads/2016/03/Layer-Seven-Security_SAP-Security-Notes_February-2016.pdf

Copyright 2024, cxsecurity.com

 

Back to Top