Vulnerability Description
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | TREX | 7.10 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Com
- http://seclists.org/fulldisclosure/2016/Aug/94
- http://www.securityfocus.com/bid/92066 (Third Party Advisory, VDB Entry)
- https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016 (Third Party Advisory)
- https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-exe (Permissions Required)
FAQ
What is CVE-2016-6147?
CVE-2016-6147 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
How severe is CVE-2016-6147?
CVE-2016-6147 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-6147?
Check the references section above for vendor advisories and patch information. Affected products include: SAP TREX.