Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2016-7435

Published: 05/10/2016 Updated: 28/11/2016
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Netweaver

Vulnerability Summary

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap netweaver 7.40

Exploits

Exploit DB: SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection
The SAP Netweaver version 740 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command ...
Exploit DB: SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection
The SAP Netweaver version 740 SP 12 SCTC_REFRESH_CHECK_ENV function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command ...
Exploit DB: SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection
The SAP Netweaver version 740 SP 12 SCTC_TMS_MAINTAIN_ALOG function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command ...

References

CWE-264https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenvhttp://seclists.org/fulldisclosure/2016/Oct/1http://seclists.org/fulldisclosure/2016/Oct/0http://seclists.org/fulldisclosure/2016/Oct/2https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainaloghttps://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomphttp://www.securityfocus.com/bid/93272https://nvd.nist.govhttps://packetstormsecurity.com/files/138950/SAP-Netweaver-7.40-SP-12-SCTC_REFRESH_EXPORT_TAB_COMP-Command-Injection.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook