What is CVE-2017-7717?

CVE-2017-7717 is a high-severity vulnerability in Sap Netweaver_application_server_java, classified under SQL Injection. CVSS score: 8.8/10. Published 2017-04-14.

How severe is CVE-2017-7717?

High severity. CVSS v3 base score is 8.8 out of 10.

SQL Injection in Sap Netweaver_application_server_java

CVE-2017-7717

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.

Vulnerability class: SQL Injection

EPSS: 0.008 (75.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Sap Netweaver_application_server_java — versions 7.40
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2017-7717?: CVE-2017-7717 is a high-severity vulnerability in Sap Netweaver_application_server_java, classified under SQL Injection. CVSS score: 8.8/10. Published 2017-04-14.
How severe is CVE-2017-7717?: High severity. CVSS v3 base score is 8.8 out of 10.