Описание
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-9832
- https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security
- http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html
- http://seclists.org/fulldisclosure/2016/Dec/33
- http://www.securityfocus.com/archive/1/539883/100/0/threaded
- http://www.securityfocus.com/archive/1/539883/30/0/threaded
- http://www.securityfocus.com/bid/94733
Связанные уязвимости
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.