CVE-2016-6137

CRITICAL

SAP TREX 7.10 Revision 63 - Remote Command Execution

Title source: llm
STIX 2.1

Description

An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.

References (4)

Core 4
Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Aug/85
Permissions Required, Third Party Advisory x_refsource_misc
http://onapsis.com/research/security-advisories/sap-trex-remote-command-execution
Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Aug/113

Scores

CVSS v3 9.8
EPSS 0.0404
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
sap/trex 7.10 revision_63
Published Sep 27, 2016
Tracked Since Feb 18, 2026