PT-2017-14525 · Sap · Sap Kernel
Published 2017-12-12 · Updated 2018-01-04 · CVE-2017-16689
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP KERNEL versions 7.21 through 7.22
SAP KERNEL version 7.45
SAP KERNEL version 7.49
Description
A Trusted RFC connection in SAP KERNEL can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
Recommendations
For SAP KERNEL versions 7.21 through 7.22, consider restricting access to the Trusted RFC connection to minimize the risk of unauthorized access.
For SAP KERNEL version 7.45, restrict the ability to establish Trusted RFC connections to only explicitly defined Trusted/Trusting Relations.
For SAP KERNEL version 7.49, limit the scope of Trusted RFC connections to prevent unauthorized access to different clients or users on the same system.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Sap Kernel