Vulnerability Details : CVE-2016-6147
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
Exploit prediction scoring system (EPSS) score for CVE-2016-6147
Probability of exploitation activity in the next 30 days: 1.33%
Percentile (the proportion of vulnerabilities scored at or below this one): ~84%
CVSS scores for CVE-2016-6147
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
| 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2016-6147
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6147
- http://www.securityfocus.com/bid/92066: SAP TREX CVE-2016-6147 Remote Code Execution Vulnerability (Third Party Advisory; VDB Entry)
- https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016: Analyzing SAP Security Notes February 2016 | Onapsis (Third Party Advisory)
- https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0: SAP TREX Remote Command Execution | Onapsis (Permissions Required)
- http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html: SAP TREX 7.10 Revision 63 Remote Command Execution (Packet Storm)
- http://seclists.org/fulldisclosure/2016/Aug/94: Full Disclosure: Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution
Products affected by CVE-2016-6147
- cpe:2.3:a:sap:trex:7.10:revision_63:*:*:*:*:*:*