SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-13T14:00:00

Updated: 2024-08-06T00:03:34.369Z

Reserved: 2016-03-22T00:00:00

Link: CVE-2016-3635

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-10-13T14:59:00.220

Modified: 2024-11-21T02:50:25.990

Link: CVE-2016-3635

cve-icon Redhat

No data.