返回 CVE 浏览器

CVE-2016-9832

CRITICAL

9.9

CVSS Severity Score

EPSS Score0.0500%

EPSS Percentile7.87th

Published2016年12月10日

Last Modified2026年5月6日

Vulnerability Description

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.

Affected Platforms (CPE)

📦

Pwc

Ace Advanced Business Application Programming

= 8.10.304

References & Advisories

🔗 http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html

🔗 http://seclists.org/fulldisclosure/2016/Dec/33

🔗 http://www.securityfocus.com/archive/1/539883/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/539883/30/0/threaded

🔗 http://www.securityfocus.com/bid/94733

🔗 https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security

🔗 http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html

🔗 http://seclists.org/fulldisclosure/2016/Dec/33

相关漏洞威胁

CVE-2016-045210.0

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affec...

CVE-2016-048310.0

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attack...

CVE-2016-045110.0

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affec...

CVE-2016-049410.0

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embed...