CVE-2016-7437 — SAP Netweaver vulnerability
3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 83.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 13
Latest updateMay 17
Description
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4