CVE-2017-16689
HIGHSAP Kernel 7.21-7.22, 7.21EXT, 7.22EXT, 7.45, 7.49 - Improper Authentication in Trusted RFC Connection
Title source: llmDescription
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102144
Issue Tracking, Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
Permissions Required, Vendor Advisory x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2449757
Scores
CVSS v3
8.8
EPSS
0.0033
EPSS Percentile
55.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (7)
sap/sap_kernel
7.21
sap/sap_kernel
7.21ext
sap/sap_kernel
7.22
sap/sap_kernel
7.22ext
sap/sap_kernel
7.45
sap/sap_kernel
7.49
SAP/Trusted RFC connection
SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7
Published
Dec 12, 2017
Tracked Since
Feb 18, 2026