CVE-2016-9832

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security", "name": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security", "tags": ["Permissions Required"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/94733", "name": "94733", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/archive/1/539883/30/0/threaded", "name": "http://www.securityfocus.com/archive/1/539883/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2016/Dec/33", "name": "20161209 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html", "name": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/archive/1/539883/100/0/threaded", "name": "20161207 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-74"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-9832", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}}, "publishedDate": "2016-12-10T02:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pwc:ace-advanced_business_application_programming:8.10.304:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-09T20:01Z"}