Vulnerability Details CVE-2016-6146
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver
- http://packetstormsecurity.com/files/138445/SAP-TREX-7.10-Revision-63-NameServer-TNS-Information-Disclosure.html
- http://scn.sap.com/community/security/blog/2015/12/09/sap-security-notes-december-2015--review
- http://seclists.org/fulldisclosure/2016/Aug/93
- https://layersevensecurity.com/wp-content/uploads/2016/03/Layer-Seven-Security_SAP-Security-Notes_February-2016.pdf
- http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver
- http://packetstormsecurity.com/files/138445/SAP-TREX-7.10-Revision-63-NameServer-TNS-Information-Disclosure.html
- http://scn.sap.com/community/security/blog/2015/12/09/sap-security-notes-december-2015--review
- http://seclists.org/fulldisclosure/2016/Aug/93
- https://layersevensecurity.com/wp-content/uploads/2016/03/Layer-Seven-Security_SAP-Security-Notes_February-2016.pdf