CVE-2016-3635 - Vulnerability Details - OpenCVE

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver

Configuration 1 [-]

cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2016/Oct/48
http://www.securityfocus.com/bid/93501
https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-13T14:00:00

Updated: 2024-08-06T00:03:34.369Z

Reserved: 2016-03-22T00:00:00

Link: CVE-2016-3635

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-10-13T14:59:00.220

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-3635

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "93501", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93501"}, {"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass"}, {"name": "20161011 Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Oct/48"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3635", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93501", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93501"}, {"name": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass", "refsource": "MISC", "url": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass"}, {"name": "20161011 Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Oct/48"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:03:34.369Z"}, "title": "CVE Program Container", "references": [{"name": "93501", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93501"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass"}, {"name": "20161011 Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Oct/48"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3635", "datePublished": "2016-10-13T14:00:00", "dateReserved": "2016-03-22T00:00:00", "dateUpdated": "2024-08-06T00:03:34.369Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "F019F7F5-7740-4BD4-850F-D7A1923C6200", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366."}, {"lang": "es", "value": "SAP Netweaver 7.4 permite a usuarios remotos autenticados eludir una lista de control de acceso Unified Connectivity (UCON) intencionada y ejecutar Remote Function Modules (RFM) arbitrarios aprovechando una conexi\u00f3n creada por una ejecuci\u00f3n anterior de un RFM an\u00f3nimo incluido en una Communication Assembly, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2139366."}], "id": "CVE-2016-3635", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-13T14:59:00.220", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/48"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/93501"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Oct/48"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypass"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}