CVE-2016-4551

CWE-284Improper Access Control3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 47.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP NetweaverSAP SAP ABASAP SAP Basis
Timeline
PublishedOct 5
Latest updateMay 17

Description

The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDsap/netweaver2004s
NVDsap/sap_aba7.00
NVDsap/sap_basis7.00

🔴Vulnerability Details

2
GHSA
GHSA-7p5f-r93x-9xj6: The (1) SAP_BASIS and (2) SAP_ABA components 72022-05-17
CVEList
CVE-2016-4551: The (1) SAP_BASIS and (2) SAP_ABA components 72016-10-05
CVE-2016-4551 (HIGH CVSS 7.5) | The (1) SAP_BASIS and (2) SAP_ABA c | cvebase.io