QwikSec

Security Database

CVE

CWE

Training

CVE-2016-7435

Published: Oct 5, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20161003 Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG

mailing-list

x_refsource_FULLDISC

20161003 Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP

mailing-list

x_refsource_FULLDISC

https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv

x_refsource_MISC

https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshexporttabcomp

x_refsource_MISC

https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctctmsmaintainalog

x_refsource_MISC

vdb-entry

x_refsource_BID

20161003 Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV

mailing-list

x_refsource_FULLDISC

https://www.onapsis.com/blog/analyzing-sap-security-notes-march-2016

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.