CVE-2016-6147

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

10.6%

top 6.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Trex

Timeline

PublishedAug 5

Latest updateMay 17

Description

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDsap/trex7.10

🔴Vulnerability Details

GHSA

GHSA-m6f7-w2rh-cx8m: An unspecified interface in SAP TREX 7↗2022-05-17

▶

CVEList

CVE-2016-6147: An unspecified interface in SAP TREX 7↗2016-08-05

▶