CVE-2016-7435 - OpenCVE

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sap	Netweaver

Configuration 1 [-]

cpe:2.3:a:sap:netweaver:7.40:sp12:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2016/Oct/0	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2016/Oct/1	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2016/Oct/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/93272
https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016	Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv	Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp	Third Party Advisory
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-05T16:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7435

JSON object: View

NVD Information

Status : Modified

Published: 2016-10-05T16:59:06.807

Modified: 2016-11-28T20:39:15.077

Link: CVE-2016-7435

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Oct/1"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Oct/0"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog"}, {"name": "93272", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93272"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Oct/2"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7435", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/1"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/0"}, {"name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv", "refsource": "MISC", "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv"}, {"name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp", "refsource": "MISC", "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp"}, {"name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog", "refsource": "MISC", "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog"}, {"name": "93272", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93272"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/2"}, {"name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016", "refsource": "MISC", "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7435", "datePublished": "2016-10-05T16:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2016-11-25T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:7.40:sp12:*:*:*:*:*:*", "matchCriteriaId": "DBCD6DEE-C43F-4244-AFBD-BE77A34E7B0C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344."}, {"lang": "es", "value": "Las funciones (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV y (3) SCTC_TMS_MAINTAIN_ALOG en el subpaquete SCTC en SAP Netweaver 7.40 SP 12 permiten a usuarios remotos autenticados con ciertos permisos ejecutar comandos arbitrarios a trav\u00e9s de vectores relacionados con una sentencia CALL 'SYSTEM', vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2260344."}], "id": "CVE-2016-7435", "lastModified": "2016-11-28T20:39:15.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-05T16:59:06.807", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/0"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/93272"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}