CVE-2017-16689 - Vulnerability Details - OpenCVE

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Sap Kernel

Configuration 1 [-]

OR	cpe:2.3:a:sap:sap_kernel:7.21:::::::*
	cpe:2.3:a:sap:sap_kernel:7.21ext:::::::*
	cpe:2.3:a:sap:sap_kernel:7.22:::::::*
	cpe:2.3:a:sap:sap_kernel:7.22ext:::::::*
	cpe:2.3:a:sap:sap_kernel:7.45:::::::*
	cpe:2.3:a:sap:sap_kernel:7.49:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102144
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
https://launchpad.support.sap.com/#/notes/2449757

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2017-12-12T14:00:00Z

Updated: 2024-09-17T03:03:01.674Z

Reserved: 2017-11-09T00:00:00

Link: CVE-2017-16689

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-12T14:29:00.640

Modified: 2024-11-21T03:16:49.560

Link: CVE-2017-16689

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Trusted RFC connection", "vendor": "SAP", "versions": [{"status": "affected", "version": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49"}]}], "datePublic": "2017-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."}], "problemTypes": [{"descriptions": [{"description": "Additional authentication check in Trusted RFC on same system", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-13T10:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"name": "102144", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102144"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.support.sap.com/#/notes/2449757"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "DATE_PUBLIC": "2017-12-12T00:00:00", "ID": "CVE-2017-16689", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trusted RFC connection", "version": {"version_data": [{"version_value": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49"}]}}]}, "vendor_name": "SAP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Additional authentication check in Trusted RFC on same system"}]}]}, "references": {"reference_data": [{"name": "102144", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102144"}, {"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", "refsource": "CONFIRM", "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"name": "https://launchpad.support.sap.com/#/notes/2449757", "refsource": "CONFIRM", "url": "https://launchpad.support.sap.com/#/notes/2449757"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:35:19.956Z"}, "title": "CVE Program Container", "references": [{"name": "102144", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102144"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2449757"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2017-16689", "datePublished": "2017-12-12T14:00:00Z", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-09-17T03:03:01.674Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."}, {"lang": "es", "value": "Una conexi\u00f3n RFC fiable en SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL desde la versi\u00f3n 7.21 hasta la 7.22, 7.45, 7.49, puede establecerse para un cliente o usuario diferentes en el mismo sistema aunque no se haya definido una relaci\u00f3n Trusted/Trusting expl\u00edcita con el mismo sistema."}], "id": "CVE-2017-16689", "lastModified": "2024-11-21T03:16:49.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-12T14:29:00.640", "references": [{"source": "cna@sap.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102144"}, {"source": "cna@sap.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2449757"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2449757"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}