Published: 11/04/2017 Updated: 17/04/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap trex -

SAP's TREX exposed HANA, NetWeaver

The Register • Richard Chirgwin • 13 Apr 2017

No jokes about dinosaurs

SAP has rushed out a patch for its TREX search engine, after security researchers found bugs in a 2015 patch. TREX is a search engine used in several SAP products, including its HANA database and its venerable NetWeaver application and integration platform. According to ERPScan, SAP thought it had patched the code injection vulnerability in December 2015. Not so: ERPScan’s Mathieu Geli looked into the TREXNet communication protocol and found it ran without authentication. He’s quoted in the ...

CVE-2017-7691

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect