CVE-2016-7435
CRITICALSAP NetWeaver 7.40 SP 12 - Authenticated Remote Code Execution via SCTC Subpackage CALL 'SYSTEM' Statement
Title source: llmDescription
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.
References (8)
Core 8
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Oct/1
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Oct/0
Third Party Advisory x_refsource_misc
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv
Third Party Advisory x_refsource_misc
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp
Third Party Advisory x_refsource_misc
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93272
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Oct/2
Third Party Advisory x_refsource_misc
https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016
Scores
CVSS v3
9.1
EPSS
0.0135
EPSS Percentile
80.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (1)
sap/netweaver
7.40 sp12
Published
Oct 05, 2016
Tracked Since
Feb 18, 2026