Vulnerability Details CVE-2017-16689
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/102144
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
- https://launchpad.support.sap.com/#/notes/2449757
- http://www.securityfocus.com/bid/102144
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
- https://launchpad.support.sap.com/#/notes/2449757
Products affected by CVE-2017-16689
-
cpe:2.3:a:sap:sap_kernel:7.21
-
cpe:2.3:a:sap:sap_kernel:7.21ext
-
cpe:2.3:a:sap:sap_kernel:7.22
-
cpe:2.3:a:sap:sap_kernel:7.22ext
-
cpe:2.3:a:sap:sap_kernel:7.45
-
cpe:2.3:a:sap:sap_kernel:7.49