Vulnerability Description
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
CVSS Score
9.9 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PwC | ACE-Advanced Business Application Programming | 8.10.304 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8. (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2016/Dec/33 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/539883/100/0/threaded
- http://www.securityfocus.com/archive/1/539883/30/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/94733 (Third Party Advisory, VDB Entry)
- https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-securit (Permissions Required)
FAQ
What is CVE-2016-9832?
CVE-2016-9832 is a vulnerability with a CVSS score of 9.9 (CRITICAL). PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communicat...
How severe is CVE-2016-9832?
CVE-2016-9832 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-9832?
Check the references section above for vendor advisories and patch information. Affected products include: PwC ACE-Advanced Business Application Programming.