← Back

CVE-2017-16689

nvd nist
Published: Dec 12, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.

Affected (6)

Products: Sap: Sap Kernel
Sap
1 product
Sap Kernel
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Sap Kernel
Version 7.21
Sap Kernel
Version 7.21ext
Sap Kernel
Version 7.22
Sap Kernel
Version 7.22ext
Sap Kernel
Version 7.45
Sap Kernel
Version 7.49

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: cna@sap.com
Third Party AdvisoryVDB Entry
Source: cna@sap.com
Issue TrackingVendor Advisory
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory

Timeline

No history available yet.