CVE-2017-7717: SQL Injection
First published: Fri Apr 14 2017(Updated: )
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Java Application Server | =7.40 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7717?
CVE-2017-7717 is considered to have a high severity due to its potential for remote unauthorized SQL command execution.
How do I fix CVE-2017-7717?
To fix CVE-2017-7717, apply the relevant SAP Security Note 2356504 to your SAP NetWeaver AS Java 7.4 installation.
Who is affected by CVE-2017-7717?
CVE-2017-7717 affects remote authenticated users of SAP NetWeaver AS Java 7.4.
What kind of vulnerability is CVE-2017-7717?
CVE-2017-7717 is an SQL injection vulnerability that allows users to execute arbitrary SQL commands.
Can CVE-2017-7717 be exploited remotely?
Yes, CVE-2017-7717 can be exploited remotely by authenticated users through the vulnerable method.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver java application server
- version/sap netweaver java application server/7.40