PT-2016-7834 · Sap+1 · Sap Internet Communication Framework+3

Ertunga Arsal +1 · Published 2016-12-09 · Updated 2018-10-09 · CVE-2016-9832

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PricewaterhouseCoopers (PwC) ACE-ABAP version 8.10.304 for SAP Security

Description

The issue allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code. This can be achieved via SAPGUI or Internet Communication Framework (ICF) over HTTP or HTTPS. Examples of exploitation include using WEBGUI or Report.

Recommendations

For PricewaterhouseCoopers (PwC) ACE-ABAP version 8.10.304, consider restricting access to the SAPGUI and Internet Communication Framework (ICF) to minimize the risk of exploitation. As a temporary workaround, limit the use of WEBGUI and Report until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2016-9832

Affected Products

Ace-Abap
Sap Internet Communication Framework
Sap Gui
Webgui