CVE-2017-11459
CRITICALSAP TREX 7.10 - Remote Code Execution via fdir Command
Title source: llmDescription
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-17-019-sap-trex-rce/
Scores
CVSS v3
9.8
EPSS
0.0198
EPSS Percentile
83.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
sap/trex
7.10
Published
Jul 25, 2017
Tracked Since
Feb 18, 2026