SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-10-13T14:00:00
Updated: 2024-08-06T00:03:34.369Z
Reserved: 2016-03-22T00:00:00
Link: CVE-2016-3635
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-10-13T14:59:00.220
Modified: 2024-11-21T02:50:25.990
Link: CVE-2016-3635
Redhat
No data.