CVE-2016-9832
published 2016-12-10CVE-2016-9832: PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code…
PriorityP258critical9.9CVSS 3.0
AVNACLPRLUINSCCHIHAH
EPSS
4.03%
89.3th percentile
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pwc | ace-advanced_business_application_programming | — | — |
CVSS provenance
nvdv3.09.9CRITICALCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Dec/33http://www.securityfocus.com/archive/1/539883/100/0/threadedhttp://www.securityfocus.com/archive/1/539883/30/0/threadedhttp://www.securityfocus.com/bid/94733https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-securityhttp://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Dec/33http://www.securityfocus.com/archive/1/539883/100/0/threadedhttp://www.securityfocus.com/archive/1/539883/30/0/threadedhttp://www.securityfocus.com/bid/94733https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security
2016-12-10
Published