CVE-2016-4551
Summary
| CVE | CVE-2016-4551 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-10-05 16:59:00 UTC |
| Updated | 2016-11-28 20:18:00 UTC |
| Description | The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. |
Risk And Classification
Problem Types: CWE-284
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver | 2004s | All | All | All |
| Application | Sap | Sap Aba | 7.00 | sp_level_0031 | All | All |
| Application | Sap | Sap Basis | 7.00 | sp_level_0031 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| SAP Security Audit Log Invalid Address Logging \| Onapsis | MISC | www.onapsis.com | Permissions Required, Third Party Advisory |
| SAP Security Audit Log CVE-2016-4551 Security Bypass Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.