CVE-2016-4551
HIGHSAP NetWeaver 7.00 SP Level 0031 - IP Address Spoofing in Security Audit Log
Title source: llmDescription
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Oct/3
Permissions Required, Third Party Advisory x_refsource_misc
https://www.onapsis.com/research/security-advisories/sap-security-audit-log-invalid-address-logging
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93288
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (3)
sap/netweaver
2004s
sap/sap_aba
7.00 sp_level_0031
sap/sap_basis
7.00 sp_level_0031
Published
Oct 05, 2016
Tracked Since
Feb 18, 2026