Vulnerability Details CVE-2016-6138
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.203
EPSS Ranking 95.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html
- http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review
- http://seclists.org/fulldisclosure/2016/Aug/114
- http://seclists.org/fulldisclosure/2016/Aug/86
- http://www.securityfocus.com/bid/92060
- https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf
- https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
- https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal
- http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html
- http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review
- http://seclists.org/fulldisclosure/2016/Aug/114
- http://seclists.org/fulldisclosure/2016/Aug/86
- http://www.securityfocus.com/bid/92060
- https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf
- https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
- https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal