Vulnerability Details CVE-2016-6147
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.106
EPSS Ranking 92.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
- http://seclists.org/fulldisclosure/2016/Aug/94
- http://www.securityfocus.com/bid/92066
- https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016
- https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0
- http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
- http://seclists.org/fulldisclosure/2016/Aug/94
- http://www.securityfocus.com/bid/92066
- https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016
- https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0