CVE-2017-16689

CWE-287Improper Authentication3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 44.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Trusted RFC ConnectionSAP SAP Kernel
Timeline
PublishedDec 12
Latest updateMay 14

Description

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDsap/sap_kernel6 versions+5
CVEListV5sap/trusted_rfc_connectionSAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49

🔴Vulnerability Details

2
GHSA
GHSA-crwv-5x5f-fc2f: A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 72022-05-14
CVEList
CVE-2017-16689: A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 72017-12-12
CVE-2017-16689 (HIGH CVSS 8.8) | A Trusted RFC connection in SAP KER | cvebase.io