CVE-2016-7435 - OpenCVE

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver

Configuration 1 [-]

cpe:2.3:a:sap:netweaver:7.40:sp12:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2016/Oct/0
http://seclists.org/fulldisclosure/2016/Oct/1
http://seclists.org/fulldisclosure/2016/Oct/2
http://www.securityfocus.com/bid/93272
https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp
https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-05T16:00:00

Updated: 2024-08-06T01:57:47.627Z

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7435

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-10-05T16:59:06.807

Modified: 2016-11-28T20:39:15.077

Link: CVE-2016-7435

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Oct/1"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Oct/0"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog"}, {"name": "93272", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93272"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Oct/2"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7435", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/1"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/0"}, {"name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv", "refsource": "MISC", "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv"}, {"name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp", "refsource": "MISC", "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp"}, {"name": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog", "refsource": "MISC", "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog"}, {"name": "93272", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93272"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/2"}, {"name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016", "refsource": "MISC", "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:47.627Z"}, "title": "CVE Program Container", "references": [{"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Oct/1"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Oct/0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog"}, {"name": "93272", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93272"}, {"name": "20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Oct/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7435", "datePublished": "2016-10-05T16:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.627Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:7.40:sp12:*:*:*:*:*:*", "matchCriteriaId": "DBCD6DEE-C43F-4244-AFBD-BE77A34E7B0C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344."}, {"lang": "es", "value": "Las funciones (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV y (3) SCTC_TMS_MAINTAIN_ALOG en el subpaquete SCTC en SAP Netweaver 7.40 SP 12 permiten a usuarios remotos autenticados con ciertos permisos ejecutar comandos arbitrarios a trav\u00e9s de vectores relacionados con una sentencia CALL 'SYSTEM', vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2260344."}], "id": "CVE-2016-7435", "lastModified": "2016-11-28T20:39:15.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-05T16:59:06.807", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/0"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/93272"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}