CVE-2016-9832 Information
Feb 14, 2021
cve
Description
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS as demonstrated by WEBGUI or Report.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Reference
http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html http://seclists.org/fulldisclosure/2016/Dec/33 http://www.securityfocus.com/archive/1/539883/100/0/threaded http://www.securityfocus.com/archive/1/539883/30/0/threaded http://www.securityfocus.com/bid/94733 https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.9
Share on: