CVE-2016-9832
Severity CVSS v4.0:
Pending analysis
Type:
CWE-74
Injection
Publication date:
10/12/2016
Last modified:
12/04/2025
Description
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
Impact
Base Score 3.x
9.90
Severity 3.x
CRITICAL
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:pwc:ace-advanced_business_application_programming:8.10.304:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html
- http://seclists.org/fulldisclosure/2016/Dec/33
- http://www.securityfocus.com/archive/1/539883/100/0/threaded
- http://www.securityfocus.com/archive/1/539883/30/0/threaded
- http://www.securityfocus.com/bid/94733
- https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security
- http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html
- http://seclists.org/fulldisclosure/2016/Dec/33
- http://www.securityfocus.com/archive/1/539883/100/0/threaded
- http://www.securityfocus.com/archive/1/539883/30/0/threaded
- http://www.securityfocus.com/bid/94733
- https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security