CVE-2017-11459Code Injection in SAP Trex

CWE-94Code Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.0%
top 16.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Trex
Timeline
PublishedJul 25
Latest updateMay 14

Description

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDsap/trex7.10

🔴Vulnerability Details

2
GHSA
GHSA-xr3q-3pcr-52mg: SAP TREX 72022-05-14
CVEList
CVE-2017-11459: SAP TREX 72017-07-25
CVE-2017-11459 — Code Injection in SAP Trex | cvebase