PT-2017-14525 · Sap · Sap Kernel

Published 2017-12-12 · Updated 2018-01-04 · CVE-2017-16689

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SAP KERNEL versions 7.21 through 7.22
SAP KERNEL version 7.45
SAP KERNEL version 7.49

Description

A Trusted RFC connection in SAP KERNEL can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.

Recommendations

For SAP KERNEL versions 7.21 through 7.22, consider restricting access to the Trusted RFC connection to minimize the risk of unauthorized access.
For SAP KERNEL version 7.45, restrict the ability to establish Trusted RFC connections to only explicitly defined Trusted/Trusting Relations.
For SAP KERNEL version 7.49, limit the scope of Trusted RFC connections to prevent unauthorized access to different clients or users on the same system.

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2017-16689

Affected Products

Sap Kernel