ID
VAR-E-201703-0444
CVE
| cve_id: | CVE-2017-6950 | Trust: 0.3 |
TITLE
SAP GUI CVE-2017-6950 Remote Code Execution Vulnerability
Trust: 0.3
DESCRIPTION
SAP GUI is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application.
Note: This issue was previously titled 'SAP GUI Unspecified Remote Code Execution Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sap | model: | gui core sp000 | scope: | eq | version: | 7.50 | Trust: 0.3 |
| vendor: | sap | model: | gui | scope: | eq | version: | 7.30 | Trust: 0.3 |
| vendor: | sap | model: | gui | scope: | eq | version: | 7.20 | Trust: 0.3 |
| vendor: | sap | model: | gui | scope: | eq | version: | 10.0.1 | Trust: 0.3 |
EXPLOIT
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
The vendor reported this issue.
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6950 | Trust: 0.3 |
| db: | BID | id: | 96872 | Trust: 0.3 |
REFERENCES
| url: | http://www.sap.com/ | Trust: 0.3 |
| url: | https://threatpost.com/sap-vulnerability-puts-business-data-at-risk-for-thousands-of-companies/124473/ | Trust: 0.3 |
| url: | https://blogs.sap.com/2017/03/14/sap-security-patch-day-march-2017/ | Trust: 0.3 |
| url: | https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/ | Trust: 0.3 |
| url: | https://erpscan.com/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/ | Trust: 0.3 |
| url: | https://service.sap.com/sap/support/notes/2407616 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 96872 |
LAST UPDATE DATE
2022-07-27T09:49:24.685000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 96872 | date: | 2017-04-18T02:04:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 96872 | date: | 2017-03-14T00:00:00 |