CyberSec.Space Logo
Back to CVE Browser

CVE-2016-9832

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile7.87th
PublishedDec 10, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.

Affected Platforms (CPE)

πŸ“¦
Pwc

Ace Advanced Business Application Programming

= 8.10.304

References & Advisories

πŸ”— http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html
πŸ”— http://seclists.org/fulldisclosure/2016/Dec/33
πŸ”— http://www.securityfocus.com/archive/1/539883/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/539883/30/0/threaded
πŸ”— http://www.securityfocus.com/bid/94733
πŸ”— https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security
πŸ”— http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html
πŸ”— http://seclists.org/fulldisclosure/2016/Dec/33

Related Vulnerabilities

CVE-2016-933510.0

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmwa...

CVE-2016-578810.0

General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which...

CVE-2016-150510.0

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a...

CVE-2016-1092610.0

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.