CVE-2017-16682
Severity Score
7.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis desde la versión 7.00 hasta la 7.02, 7.30, 7.31 y 7.40 y desde la versión 7.50 hasta la 7.52, permite que un atacante con credenciales de administrador inyecte código que puede ser ejecutado por la aplicación y así controlar el comportamiento de la aplicación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-11-09 CVE Reserved
- 2017-12-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102143 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017 | 2017-12-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Internet Transaction Server Search vendor "Sap" for product "Netweaver Internet Transaction Server" | - | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | >= 7.00 <= 7.02 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version " >= 7.00 <= 7.02" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | >= 7.50 <= 7.52 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version " >= 7.50 <= 7.52" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | 7.30 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version "7.30" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | 7.31 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version "7.31" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | 7.40 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version "7.40" | - |
Affected
| ||||||