CVE-2017-6950

EUVD-2017-15990
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
sapgui_for_windows
7.20
sapgui_for_windows
7.30
sapgui_for_windows
7.40_core_sp00-sp011:_core_sp00
sapgui_for_windows
7.50_core_sp000:_core_sp000
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96872
http://www.securitytracker.com/id/1038122
https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/
http://www.securityfocus.com/bid/96872
http://www.securitytracker.com/id/1038122
https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/