Vulnerability Description
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Trex | 7.10 |
References
- http://onapsis.com/research/security-advisories/sap-trex-remote-command-executioPermissions RequiredThird Party Advisory
- http://packetstormsecurity.com/files/138436/SAP-TREX-7.10-Revision-63-Remote-ComThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Aug/113Third Party Advisory
- http://seclists.org/fulldisclosure/2016/Aug/85Third Party Advisory
- http://onapsis.com/research/security-advisories/sap-trex-remote-command-executioPermissions RequiredThird Party Advisory
- http://packetstormsecurity.com/files/138436/SAP-TREX-7.10-Revision-63-Remote-ComThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Aug/113Third Party Advisory
- http://seclists.org/fulldisclosure/2016/Aug/85Third Party Advisory
FAQ
What is CVE-2016-6137?
CVE-2016-6137 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
How severe is CVE-2016-6137?
CVE-2016-6137 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-6137?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Trex.