PT-2017-12027 · Sap · Sap Trex

Published

2017-07-25

Updated

2018-12-10

CVE-2017-11459

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP TREX version 7.10

Description The issue allows remote attackers to read arbitrary files via an fget command or write to arbitrary files and consequently execute arbitrary code via an fdir command.

Recommendations For SAP TREX version 7.10, apply the fix as described in SAP Security Note 2419592 to prevent remote attackers from reading or writing arbitrary files.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2017-11459

Affected Products

Sap Trex

PT-2017-12027 · Sap · Sap Trex

CVE-2017-11459

Weakness Enumeration

Related Identifiers

Affected Products

References · 3