CVE-2016-3635

2016-10-13T14:59:00
ID CVE-2016-3635
Type cve
Reporter cve@mitre.org
Modified 2016-11-28T20:12:00

Description

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.