CVE-2016-7437

Low CVSS 3.3

Overview

SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.

CWE: N/A Published: 2016-10-13T14:59:12.237

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.3 (LOW)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags