Description
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102143
Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
Permissions Required x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2526781
Scores
CVSS v3
7.2
EPSS
0.0055
EPSS Percentile
68.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (6)
sap/business_application_software_integrated_solution
7.30
sap/business_application_software_integrated_solution
7.31
sap/business_application_software_integrated_solution
7.40
sap/business_application_software_integrated_solution
7.00 - 7.02
sap/netweaver_internet_transaction_server
SAP/SAP NetWeaver Internet Transaction Server (ITS)
from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52
Published
Dec 12, 2017
Tracked Since
Feb 18, 2026