Vulnerabilities > CVE-2016-7437 - Security Bypass vulnerability in SAP Netweaver 7.40
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. <a href="http://cwe.mitre.org/data/definitions/778.html">CWE-778: Insufficient Logging</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |