Lucene search
K

8 matches found

CVE
CVE
added 2017/04/11 9:0 p.m.56 views

CVE-2017-7691

The CVE-2017-7691 entry concerns a code-injection/remote code execution vulnerability in SAP TREX and the Business Warehouse Accelerator (BWA). The root cause described across sources is an insecure protocol/engine interaction within TREX that could be exploited to inject and execute code on the ...

9.8CVSS9.5AI score0.016EPSS
CVE
CVE
added 2016/09/27 3:0 p.m.52 views

CVE-2016-6146

CVE-2016-6146 affects SAP TREX 7.10 Revision 63 NameServer. It enables remote attackers to disclose sensitive TNS information via an unspecified query (information disclosure). Exploitation details (vector, conditions, exploit code) are not provided in the documents; CVSS suggests network access ...

5.3CVSS5.1AI score0.01969EPSS
CVE
CVE
added 2017/07/25 6:0 p.m.52 views

CVE-2017-11459

CVE-2017-11459 affects SAP TREX 7.10. The vulnerability allows remote attackers to read arbitrary files via the fget command and to write arbitrary files to potentially execute arbitrary code via the fdir command, per SAP Security Note 2419592. Root cause labeled as Missing Authentication for Cri...

9.8CVSS9.8AI score0.02354EPSS
CVE
CVE
added 2016/08/05 2:0 p.m.51 views

CVE-2016-6139

SAP TREX 7.10 Revision 63 is affected by a vulnerability that allows remote attackers to read arbitrary files via unspecified vectors. The issue is described in CVE-2016-6139 (aka SAP Security Note 2203591). The CVSS data indicates high to critical impact, with network access and no authenticatio...

9.8CVSS9.2AI score0.04154EPSS
CVE
CVE
added 2016/08/05 2:0 p.m.44 views

CVE-2016-6140

CVE-2016-6140 affects SAP TREX 7.10 Revision 63. Remote attackers can write arbitrary files via RFC-Gateway vectors, linked to SAP Security Note 2203591. The issue enables file write with network access and no authentication required, with high/critical impact on confidentiality, integrity, and a...

9.8CVSS9.1AI score0.05532EPSS
CVE
CVE
added 2016/08/05 2:0 p.m.44 views

CVE-2016-6147

CVE-2016-6147 affects SAP TREX 7.10 Revision 63. An unspecified interface allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors. Severity is high (CVSSv3: 9.8, NETWORK, Privileges Required: None). Connected sources corroborate remote code executio...

10CVSS9.7AI score0.04537EPSS
CVE
CVE
added 2016/09/27 3:0 p.m.41 views

CVE-2016-6137

SAP TREX 7.10 Revision 63 is affected by CVE-2016-6137, a remote command execution vulnerability stemming from an unspecified function that enables arbitrary OS command execution via unknown vectors (aka SAP Security Note 2203591). The public documents do not reveal the exact vulnerable component...

10CVSS9.7AI score0.04679EPSS
CVE
CVE
added 2016/08/05 2:0 p.m.41 views

CVE-2016-6138

SAP TREX 7.10 Revision 63 is affected by a directory traversal vulnerability (CVE-2016-6138). An unauthenticated remote attacker could read arbitrary files via unspecified vectors, as described in SAP Security Note 2203591. Root cause is insufficient input filtering in TREX, enabling traversal se...

10CVSS9.2AI score0.05786EPSS