SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection

Discussion in 'News Aggregator' started by Packet Storm, 4 Oct 2016.

  1. Packet Storm

    Packet Storm Guest

    The SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_CHECK_ENV function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.

    Continue reading...
     
    #1 Packet Storm, 4 Oct 2016
(You must log in or sign up to post here.)

Share This Page

Loading...