8 matches found
CVE-2017-7691
The CVE-2017-7691 entry concerns a code-injection/remote code execution vulnerability in SAP TREX and the Business Warehouse Accelerator (BWA). The root cause described across sources is an insecure protocol/engine interaction within TREX that could be exploited to inject and execute code on the ...
CVE-2016-6146
CVE-2016-6146 affects SAP TREX 7.10 Revision 63 NameServer. It enables remote attackers to disclose sensitive TNS information via an unspecified query (information disclosure). Exploitation details (vector, conditions, exploit code) are not provided in the documents; CVSS suggests network access ...
CVE-2017-11459
CVE-2017-11459 affects SAP TREX 7.10. The vulnerability allows remote attackers to read arbitrary files via the fget command and to write arbitrary files to potentially execute arbitrary code via the fdir command, per SAP Security Note 2419592. Root cause labeled as Missing Authentication for Cri...
CVE-2016-6139
SAP TREX 7.10 Revision 63 is affected by a vulnerability that allows remote attackers to read arbitrary files via unspecified vectors. The issue is described in CVE-2016-6139 (aka SAP Security Note 2203591). The CVSS data indicates high to critical impact, with network access and no authenticatio...
CVE-2016-6140
CVE-2016-6140 affects SAP TREX 7.10 Revision 63. Remote attackers can write arbitrary files via RFC-Gateway vectors, linked to SAP Security Note 2203591. The issue enables file write with network access and no authentication required, with high/critical impact on confidentiality, integrity, and a...
CVE-2016-6147
CVE-2016-6147 affects SAP TREX 7.10 Revision 63. An unspecified interface allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors. Severity is high (CVSSv3: 9.8, NETWORK, Privileges Required: None). Connected sources corroborate remote code executio...
CVE-2016-6137
SAP TREX 7.10 Revision 63 is affected by CVE-2016-6137, a remote command execution vulnerability stemming from an unspecified function that enables arbitrary OS command execution via unknown vectors (aka SAP Security Note 2203591). The public documents do not reveal the exact vulnerable component...
CVE-2016-6138
SAP TREX 7.10 Revision 63 is affected by a directory traversal vulnerability (CVE-2016-6138). An unauthenticated remote attacker could read arbitrary files via unspecified vectors, as described in SAP Security Note 2203591. Root cause is insufficient input filtering in TREX, enabling traversal se...