SAP Netweaver 7.4 UCON Access Control Bypass Vulnerability
CVE-2016-3635 · MEDIUM Severity
AV:N/AC:M/AU:S/C:P/I:P/A:P
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
Learn more about our User Device Pen Test.