CVE-2016-9832

{"id": "CVE-2016-9832", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2016-12-10T02:59:24.340", "references": [{"url": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2016/Dec/33", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/539883/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/539883/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/94733", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2016/Dec/33", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/539883/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/539883/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94733", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report."}, {"lang": "es", "value": "PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 para SAP Security permite a usuarios remotos autenticados llevar a cabo ataques de inyecci\u00f3n ABAP y ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) SAPGUI o (2) Internet Communication Framework (ICF) sobre HTTP o HTTPS, como lo demuestra WEBGUI o Report."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pwc:ace-advanced_business_application_programming:8.10.304:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A298AD59-4DE3-4946-B8DF-9F276D31EAAC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}