{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver Internet Transaction Server (ITS)", "vendor": "SAP", "versions": [{"status": "affected", "version": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"}]}], "datePublic": "2017-12-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."}], "problemTypes": [{"descriptions": [{"description": "Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-13T10:57:01.000Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"name": "102143", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102143"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.support.sap.com/#/notes/2526781"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "DATE_PUBLIC": "2017-12-12T00:00:00", "ID": "CVE-2017-16682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver Internet Transaction Server (ITS)", "version": {"version_data": [{"version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"}]}}]}, "vendor_name": "SAP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection"}]}]}, "references": {"reference_data": [{"name": "102143", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102143"}, {"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", "refsource": "CONFIRM", "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"name": "https://launchpad.support.sap.com/#/notes/2526781", "refsource": "CONFIRM", "url": "https://launchpad.support.sap.com/#/notes/2526781"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:35:19.953Z"}, "title": "CVE Program Container", "references": [{"name": "102143", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102143"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2526781"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2017-16682", "datePublished": "2017-12-12T14:00:00.000Z", "dateReserved": "2017-11-09T00:00:00.000Z", "dateUpdated": "2024-09-16T22:39:53.093Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_internet_transaction_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EBD79C3-7B56-4065-B2B3-8FC54EB46CF0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF38D1E1-E07F-4E51-AE76-E27E7CE4F55C", "versionEndIncluding": "7.02", "versionStartIncluding": "7.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*", "matchCriteriaId": "D90BE6E0-559E-4509-95EA-CB820611E16D", "versionEndIncluding": "7.52", "versionStartIncluding": "7.50", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "990D5985-7828-4D8C-9463-CA077AB3881E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "341C07C1-2B4A-475D-B200-1021EB6B1F79", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "4D80CC30-EE05-439F-BF2C-1267837137DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."}, {"lang": "es", "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis desde la versi\u00f3n 7.00 hasta la 7.02, 7.30, 7.31 y 7.40 y desde la versi\u00f3n 7.50 hasta la 7.52, permite que un atacante con credenciales de administrador inyecte c\u00f3digo que puede ser ejecutado por la aplicaci\u00f3n y as\u00ed controlar el comportamiento de la aplicaci\u00f3n."}], "id": "CVE-2017-16682", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-12T14:29:00.403", "references": [{"source": "cna@sap.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102143"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/2526781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/2526781"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}