CVE-2016-6147

Опубликовано: 05 авг. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

Ссылки

http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2016/Aug/94
http://www.securityfocus.com/bid/92066
Third Party Advisory
VDB Entry
https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016
Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0
Permissions Required
http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2016/Aug/94
http://www.securityfocus.com/bid/92066
Third Party Advisory
VDB Entry
https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016
Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:trex:7.10:revision_63:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10552

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-m6f7-w2rh-cx8m