CVE-2017-16689

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
sapsap_kernel
7.21
sapsap_kernel
7.21ext:ext
sapsap_kernel
7.22
sapsap_kernel
7.22ext:ext
sapsap_kernel
7.45
sapsap_kernel
7.49
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102144
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
https://launchpad.support.sap.com/#/notes/2449757
http://www.securityfocus.com/bid/102144
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
https://launchpad.support.sap.com/#/notes/2449757