Vulnerability Details CVE-2016-6137
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.171
EPSS Ranking 94.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://onapsis.com/research/security-advisories/sap-trex-remote-command-execution
- http://packetstormsecurity.com/files/138436/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
- http://seclists.org/fulldisclosure/2016/Aug/113
- http://seclists.org/fulldisclosure/2016/Aug/85
- http://onapsis.com/research/security-advisories/sap-trex-remote-command-execution
- http://packetstormsecurity.com/files/138436/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
- http://seclists.org/fulldisclosure/2016/Aug/113
- http://seclists.org/fulldisclosure/2016/Aug/85