Vulnerabilities > CVE-2016-7437 - Unspecified vulnerability in SAP Netweaver 7.40
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://seclists.org/fulldisclosure/2016/Oct/53
- http://seclists.org/fulldisclosure/2016/Oct/53
- http://www.securityfocus.com/bid/93503
- http://www.securityfocus.com/bid/93503
- https://www.onapsis.com/research/security-advisories/sap-business-objects-memory-corruption-0
- https://www.onapsis.com/research/security-advisories/sap-business-objects-memory-corruption-0