CVE-2017-16684
critical
CVSS v3
9.8
CVSS v2
7.5
VIR risk
9.8
Description
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cna@sap.com — https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| sap | business_intelligence_promotion_management_application | 4.10 | |
| sap | business_intelligence_promotion_management_application | 4.20 | |
| sap | business_intelligence_promotion_management_application | 4.30 | |
References
- http://www.securityfocus.com/bid/102147
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
- https://launchpad.support.sap.com/#/notes/2537152
CWEs
CWE-287