CVE-2016-6146

Published: Sep 27, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to obtain sensitive TNS information via an unspecified query, aka SAP Security Note 2234226.

Affected (1)

Products: Sap: Trex

Sap

1 product

Trex

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Trex	Version 7.10 revision_63

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

http://packetstormsecurity.com/files/138445/SAP-TREX-7.10-Revision-63-NameServer-TNS-Information-Disclosure.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://scn.sap.com/community/security/blog/2015/12/09/sap-security-notes-december-2015--review

Source: cve@mitre.org

Vendor Advisory

http://seclists.org/fulldisclosure/2016/Aug/93

Source: cve@mitre.org

Third Party Advisory

https://layersevensecurity.com/wp-content/uploads/2016/03/Layer-Seven-Security_SAP-Security-Notes_February-2016.pdf

Source: cve@mitre.org

Third Party Advisory

http://onapsis.com/research/security-advisories/sap-trex-tns-information-disclosure-nameserver