PT-2016-7330 · SAP · SAP Netweaver

Emiliano J. Fausto · Published 2016-10-13 · Updated 2016-10-13 · CVE-2016-7437

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP Netweaver version 7.40

Description

The issue allows local users to potentially hide rejected attempts to execute RFC function callbacks, because the SAP Security Audit Log improperly records certain of these events as non-critical. This could be leveraged when non-critical events are filtered out of audit analysis reports.

Recommendations

For SAP Netweaver version 7.40, apply the fix provided in SAP Security Note 2252312 so that these events are logged properly and rejected attempts to execute RFC function callbacks cannot be hidden.

Fix


Related Identifiers

CVE-2016-7437

Affected Products

SAP Netweaver