CVE-2017-16682
Last modified
CVE-2017-16682 is a vulnerability of currently unknown severity. SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.. EPSS estimates a 1.59% chance of exploitation in the next 30 days.
Description
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Internet Transaction Server | All versions |
| Sap | Business Application Software Integrated Solution | >= 7.00, <= 7.02 |
| Sap | Business Application Software Integrated Solution | >= 7.50, <= 7.52 |
| Sap | Business Application Software Integrated Solution | 7.30 |
| Sap | Business Application Software Integrated Solution | 7.31 |
| Sap | Business Application Software Integrated Solution | 7.40 |
References
- http://www.securityfocus.com/bid/102143Third Party Advisory, VDB Entry
- https://launchpad.support.sap.com/#/notes/2526781Permissions Required
- http://www.securityfocus.com/bid/102143Third Party Advisory, VDB Entry
- https://launchpad.support.sap.com/#/notes/2526781Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-16682?
How severe is CVE-2017-16682?
How do I fix CVE-2017-16682?
Are you affected by CVE-2017-16682?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST