High severity7.5NVD Advisory· Published Oct 13, 2016· Updated Jun 17, 2026
CVE-2016-3635
CVE-2016-3635
Description
SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- seclists.org/fulldisclosure/2016/Oct/48nvdMailing ListThird Party Advisory
- www.onapsis.com/research/security-advisories/sap-ucon-security-protection-bypassnvdPermissions Required
- www.securityfocus.com/bid/93501nvd
News mentions
0No linked articles in our index yet.