All the vulnerabilites related to SAP - SAP NetWeaver Internet Transaction Server (ITS)
cve-2017-16682
Vulnerability from cvelistv5
Published
2017-12-12 14:00
Modified
2024-09-16 22:39
Severity ?
Summary
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:19.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102143",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102143"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2526781"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver Internet Transaction Server (ITS)",
          "vendor": "SAP",
          "versions": [
            {
              "status": "affected",
              "version": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
            }
          ]
        }
      ],
      "datePublic": "2017-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-13T10:57:01",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "name": "102143",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102143"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2526781"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "DATE_PUBLIC": "2017-12-12T00:00:00",
          "ID": "CVE-2017-16682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver Internet Transaction Server (ITS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102143",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102143"
            },
            {
              "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
              "refsource": "CONFIRM",
              "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2526781",
              "refsource": "CONFIRM",
              "url": "https://launchpad.support.sap.com/#/notes/2526781"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2017-16682",
    "datePublished": "2017-12-12T14:00:00Z",
    "dateReserved": "2017-11-09T00:00:00",
    "dateUpdated": "2024-09-16T22:39:53.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}