CVE-2016-6139

EUVD-2016-7073
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
saptrex
7.10:revision_63
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/138438/SAP-TREX-7.10-Revision-63-Remote-File-Read.html
http://seclists.org/fulldisclosure/2016/Aug/115
http://seclists.org/fulldisclosure/2016/Aug/87
http://www.securityfocus.com/bid/92063
https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
https://www.onapsis.com/research/security-advisories/sap-trex-remote-file-read
http://packetstormsecurity.com/files/138438/SAP-TREX-7.10-Revision-63-Remote-File-Read.html
http://seclists.org/fulldisclosure/2016/Aug/115
http://seclists.org/fulldisclosure/2016/Aug/87
http://www.securityfocus.com/bid/92063
https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
https://www.onapsis.com/research/security-advisories/sap-trex-remote-file-read