9.1
CVE-2016-7435
- EPSS 3.34%
- Veröffentlicht 05.10.2016 16:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.34% | 0.871 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
http://seclists.org/fulldisclosure/2016/Oct/0
http://seclists.org/fulldisclosure/2016/Oct/1
http://seclists.org/fulldisclosure/2016/Oct/2
http://www.securityfocus.com/bid/93272
https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog