CVE-2017-16682

{"id": "CVE-2017-16682", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2017-12-12T14:29:00.403", "references": [{"url": "http://www.securityfocus.com/bid/102143", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@sap.com"}, {"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2526781", "tags": ["Permissions Required"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."}, {"lang": "es", "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis desde la versi\u00f3n 7.00 hasta la 7.02, 7.30, 7.31 y 7.40 y desde la versi\u00f3n 7.50 hasta la 7.52, permite que un atacante con credenciales de administrador inyecte c\u00f3digo que puede ser ejecutado por la aplicaci\u00f3n y as\u00ed controlar el comportamiento de la aplicaci\u00f3n."}], "lastModified": "2017-12-22T14:34:21.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_internet_transaction_server:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EBD79C3-7B56-4065-B2B3-8FC54EB46CF0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF38D1E1-E07F-4E51-AE76-E27E7CE4F55C", "versionEndIncluding": "7.02", "versionStartIncluding": "7.00"}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D90BE6E0-559E-4509-95EA-CB820611E16D", "versionEndIncluding": "7.52", "versionStartIncluding": "7.50"}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "990D5985-7828-4D8C-9463-CA077AB3881E"}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "341C07C1-2B4A-475D-B200-1021EB6B1F79"}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D80CC30-EE05-439F-BF2C-1267837137DE"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}