CVE-2016-6138

Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html
http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review	Vendor Advisory
http://seclists.org/fulldisclosure/2016/Aug/114
http://seclists.org/fulldisclosure/2016/Aug/86
http://www.securityfocus.com/bid/92060	Third Party Advisory VDB Entry
https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf	Technical Description
https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015
https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:trex:7.10:revision_63:*:*:*:*:*:*

History

No history.

Information

Published : 2016-08-05 14:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-6138

Mitre link : CVE-2016-6138

CVE.ORG link : CVE-2016-6138

JSON object : View

Products Affected

sap

trex

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2016-6138", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-08-05T14:59:11.437", "references": [{"url": "http://packetstormsecurity.com/files/138437/SAP-TREX-7.10-Revision-63-Directory-Traversal.html", "source": "cve@mitre.org"}, {"url": "http://scn.sap.com/community/security/blog/2015/10/14/sap-security-notes-october-2015--review", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2016/Aug/114", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2016/Aug/86", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/92060", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://layersevensecurity.com/wp-content/uploads/2015/11/Layer-Seven-Security_SAP-Security-Notes_October-2015.pdf", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-october-2015", "source": "cve@mitre.org"}, {"url": "https://www.onapsis.com/research/security-advisories/sap-trex-remote-directory-traversal", "tags": ["Permissions Required"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en SAP TREX 7.10 Revision 63 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SAP Security Note 2203591."}], "lastModified": "2016-11-28T20:30:36.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:trex:7.10:revision_63:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F3A9BC2-1A94-433B-B3B2-DB4CB2839195"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}