CVE-2016-6147
CRITICALSAP TREX 7.10 Revision 63 - Remote Command Execution
Title source: llmDescription
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92066
Third Party Advisory x_refsource_misc
https://www.onapsis.com/blog/analyzing-sap-security-notes-february-2016
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Aug/94
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/138446/SAP-TREX-7.10-Revision-63-Remote-Command-Execution.html
Permissions Required x_refsource_misc
https://www.onapsis.com/research/security-advisories/sap-trex-remote-command-execution-0
Scores
CVSS v3
9.8
EPSS
0.1055
EPSS Percentile
93.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
sap/trex
7.10 revision_63
Published
Aug 05, 2016
Tracked Since
Feb 18, 2026