Vulnerability Description
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Internet Transaction Server | - |
| Sap | Business Application Software Integrated Solution | >= 7.00, <= 7.02 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102143Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2526781Permissions Required
- http://www.securityfocus.com/bid/102143Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2526781Permissions Required
FAQ
What is CVE-2017-16682?
CVE-2017-16682 is a vulnerability with a CVSS score of 7.2 (HIGH). SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed...
How severe is CVE-2017-16682?
CVE-2017-16682 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-16682?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Internet Transaction Server, Sap Business Application Software Integrated Solution.