CVE-2017-16689 Information

Description

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49 can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/102144
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
https://launchpad.support.sap.com//notes/2449757

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
