CVE-2017-11459: Code Injection
First published: Tue Jul 25 2017(Updated: )
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP TREX | =7.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11459?
CVE-2017-11459 has a critical severity level as it allows remote code execution.
How do I fix CVE-2017-11459?
To fix CVE-2017-11459, you should apply the patches provided in SAP Security Note 2419592.
What software versions are affected by CVE-2017-11459?
CVE-2017-11459 affects SAP TREX version 7.10.
What types of attacks can be executed through CVE-2017-11459?
CVE-2017-11459 allows attackers to read arbitrary files and write to arbitrary files, potentially executing arbitrary code.
Is there a workaround for CVE-2017-11459 if I cannot apply the patch?
There are no official workarounds for CVE-2017-11459; applying the patch is the recommended mitigation.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/sap
- canonical/sap trex
- version/sap trex/7.10