PT-2017-14521 · SAP · SAP NetWeaver Internet Transaction Server

Published: 2017-12-12 · Updated: 2017-12-22 · CVE-2017-16682

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Internet Transaction Server (ITS) versions 7.00 through 7.02

SAP NetWeaver Internet Transaction Server (ITS) version 7.30

SAP NetWeaver Internet Transaction Server (ITS) version 7.31

SAP NetWeaver Internet Transaction Server (ITS) version 7.40

SAP NetWeaver Internet Transaction Server (ITS) versions 7.50 through 7.52

Description

The issue allows an attacker with administrator credentials to inject code that can be executed by the application, thereby controlling the behavior of the application.

Recommendations

For SAP NetWeaver Internet Transaction Server (ITS) versions 7.00 through 7.02, update to a version outside of this range to mitigate the risk.

For SAP NetWeaver Internet Transaction Server (ITS) version 7.30, update to a version outside of this range to mitigate the risk.

For SAP NetWeaver Internet Transaction Server (ITS) version 7.31, update to a version outside of this range to mitigate the risk.

For SAP NetWeaver Internet Transaction Server (ITS) version 7.40, update to a version outside of this range to mitigate the risk.

For SAP NetWeaver Internet Transaction Server (ITS) versions 7.50 through 7.52, update to a version outside of this range to mitigate the risk.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2017-16682

Affected Products

SAP NetWeaver Internet Transaction Server