CVE-2017-11459

moderate-risk

Published 2017-07-25

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.

Do I need to act?

2.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Trex

Affected Vendors

Sap

References (2)

https://erpscan.io/advisories/erpscan-17-019-sap-trex-rce/

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 5/34 · Minimal

Exposure 5/34 · Minimal