Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSapCVELIST:CVE-2017-16691
HistoryDec 12, 2017 - 2:00 p.m.

CVE-2017-16691

2017-12-1214:00:00
sap
www.cve.org
4

EPSS

0.002

Percentile

62.1%

JSON

SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type β€˜SAR’. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.

CNA Affected

[
  {
    "product": "SAP Note Assistant",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52"
      }
    ]
  }
]

Related

nvd 1
cve 1
coresecurity 1
prion 1
nvd
nvd
CVE-2017-16691
2017-12-12 14:29:00
cve
cve
CVE-2017-16691
2017-12-12 14:29:00
coresecurity
coresecurity
SAP Note Assistant Insecure Handling of SAP Notes Signature Vulnerability
2017-11-30 00:00:00
prion
prion
Design/Logic Flaw
2017-12-12 14:29:00

EPSS

0.002

Percentile

62.1%

JSON
Related for CVELIST:CVE-2017-16691
nvd1cve1coresecurity1prion1