CVE-2016-3635
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
SAP Netweaver 7.4 permite a usuarios remotos autenticados eludir una lista de control de acceso Unified Connectivity (UCON) intencionada y ejecutar Remote Function Modules (RFM) arbitrarios aprovechando una conexión creada por una ejecución anterior de un RFM anónimo incluido en una Communication Assembly, vulnerabilidad también conocida como SAP Security Note 2139366.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-03-22 CVE Reserved
- 2016-10-11 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Oct/48 | Mailing List |
|
| http://www.securityfocus.com/bid/93501 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|