CVE-2016-6146

MEDIUM

SAP TREX 7.10- Revision 63 - Info Disclosure

Title source: llm

Description

The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.

References (5)

[Permissions Required, Third Party Advisory] http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/138445/SAP-TREX-7.10-Revision-63-NameServer-TNS-Information-Disclosure.html

[Vendor Advisory] http://scn.sap.com/community/security/blog/2015/12/09/sap-security-notes-december-2015--review

[Third Party Advisory] http://seclists.org/fulldisclosure/2016/Aug/93

[Third Party Advisory] https://layersevensecurity.com/wp-content/uploads/2016/03/Layer-Seven-Security_SAP-Security-Notes_February-2016.pdf

Scores

CVSS v3 5.3

EPSS 0.0032

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

sap/trex

n/a/n/a

Timeline

Published Sep 27, 2016

Tracked Since Feb 18, 2026