CVE-2017-16682

CWE-94 — Code Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.5%

top 32.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Business Application Software Integrated Solution SAP SAP Netweaver Internet Transaction Server (its)

Timeline

PublishedDec 12

Latest updateMay 14

Description

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap/sap_netweaver_internet_transaction_server_(its)from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52

▶NVDsap/business_application_software_integrated_solution7.00 — 7.02+4

🔴Vulnerability Details

GHSA

GHSA-j6f3-f56f-c695: SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7↗2022-05-14

▶

CVEList

CVE-2017-16682: SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7↗2017-12-12

▶