Critical severity9.8NVD Advisory· Published Mar 23, 2017· Updated May 13, 2026

CVE-2017-6950

Description

SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.

Affected products

SAP/Gui For Windows4 versions
cpe:2.3:a:sap:gui_for_windows:7.20:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:sap:gui_for_windows:7.20:*:*:*:*:*:*:*
- cpe:2.3:a:sap:gui_for_windows:7.30:*:*:*:*:*:*:*
- cpe:2.3:a:sap:gui_for_windows:7.40_core_sp00-sp011:*:*:*:*:*:*:*
- cpe:2.3:a:sap:gui_for_windows:7.50_core_sp000:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/96872nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038122nvd
erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000