SAP Netweaver 7.4 UCON Access Control Bypass Vulnerability

SAP Netweaver 7.4 UCON Access Control Bypass Vulnerability

CVE-2016-3635 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.

Learn more about our User Device Pen Test.