Vulnerability CVE-2016-6147
Published: 2016-08-05

Description:
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

See advisories in our WLB2 database:
Topic
Author
Date
High
SAP TREX 7.10 Revision 63 Remote Command Execution
Multiple
22.08.2016

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
SAP -> TREX 

 References:
http://www.securityfocus.com/bid/92066
https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016
https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0
Copyright 2024, cxsecurity.com

 

Back to Top