CVE-2016-6146

EUVD-2016-7080
The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
saptrex
7.10:revision_63
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver
http://packetstormsecurity.com/files/138445/SAP-TREX-7.10-Revision-63-NameServer-TNS-Information-Disclosure.html
http://scn.sap.com/community/security/blog/2015/12/09/sap-security-notes-december-2015--review
http://seclists.org/fulldisclosure/2016/Aug/93
https://layersevensecurity.com/wp-content/uploads/2016/03/Layer-Seven-Security_SAP-Security-Notes_February-2016.pdf
http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver
http://packetstormsecurity.com/files/138445/SAP-TREX-7.10-Revision-63-NameServer-TNS-Information-Disclosure.html
http://scn.sap.com/community/security/blog/2015/12/09/sap-security-notes-december-2015--review
http://seclists.org/fulldisclosure/2016/Aug/93
https://layersevensecurity.com/wp-content/uploads/2016/03/Layer-Seven-Security_SAP-Security-Notes_February-2016.pdf