CVE-2016-6138

Опубликовано: 05 авг. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

Ссылки

http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html
http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review
Vendor Advisory
http://seclists.org/fulldisclosure/2016/Aug/114
http://seclists.org/fulldisclosure/2016/Aug/86
http://www.securityfocus.com/bid/92060
Third Party Advisory
VDB Entry
https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf
Technical Description
https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal
Permissions Required
http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html
http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review
Vendor Advisory
http://seclists.org/fulldisclosure/2016/Aug/114
http://seclists.org/fulldisclosure/2016/Aug/86
http://www.securityfocus.com/bid/92060
Third Party Advisory
VDB Entry
https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf
Technical Description
https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:trex:7.10:revision_63:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.1569

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-mw9p-6qwg-m87v