Vulnerability Description
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Business Intelligence Promotion Management Application | 4.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102147Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2537152Permissions Required
- http://www.securityfocus.com/bid/102147Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2537152Permissions Required
FAQ
What is CVE-2017-16684?
CVE-2017-16684 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
How severe is CVE-2017-16684?
CVE-2017-16684 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-16684?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Business Intelligence Promotion Management Application.