Vulnerability Description
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver | 2004s |
| Sap | Sap Aba | 7.00 |
| Sap | Sap Basis | 7.00 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2016/Oct/3Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/93288
- https://www.onapsis.com/research/security-advisories/sap-security-audit-log-invaPermissions RequiredThird Party Advisory
- http://seclists.org/fulldisclosure/2016/Oct/3Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/93288
- https://www.onapsis.com/research/security-advisories/sap-security-audit-log-invaPermissions RequiredThird Party Advisory
FAQ
What is CVE-2016-4551?
CVE-2016-4551 is a vulnerability with a CVSS score of 7.5 (HIGH). The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the n...
How severe is CVE-2016-4551?
CVE-2016-4551 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4551?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver, Sap Sap Aba, Sap Sap Basis.