What is CVE-2016-4551?

CVE-2016-4551 is a high-severity vulnerability in Sap Netweaver, classified under Improper Access Control. CVSS score: 7.5/10. Published 2016-10-05.

How severe is CVE-2016-4551?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Sap Netweaver

CVE-2016-4551

The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note…

EPSS: 0.003 (52.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Sap Netweaver — versions 2004s
Sap Sap_aba — versions 7.00
Sap Sap_basis — versions 7.00
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

20161003 Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
cve@mitre.org (Permissions Required, Third Party Advisory, x_refsource_MISC)
93288 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-4551?: CVE-2016-4551 is a high-severity vulnerability in Sap Netweaver, classified under Improper Access Control. CVSS score: 7.5/10. Published 2016-10-05.
How severe is CVE-2016-4551?: High severity. CVSS v3 base score is 7.5 out of 10.