CVE-2016-6137

An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
saptrex
7.10:revision_63
𝑥
= Vulnerable software versions
References
http://onapsis.com/research/security-advisories/sap-trex-remote-command-execution
http://packetstormsecurity.com/files/138436/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2016/Aug/113
http://seclists.org/fulldisclosure/2016/Aug/85
http://onapsis.com/research/security-advisories/sap-trex-remote-command-execution
http://packetstormsecurity.com/files/138436/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2016/Aug/113
http://seclists.org/fulldisclosure/2016/Aug/85