Blog | G5 Cyber Security

Critical bug in SAP TREX affects SAP HANA and other applications

SAP has issued a security patch for the SAP TREX search engine that addresses multiple vulnerabilities discovered by the experts in a patch released in December 2015. The TREXNet communication protocol used by the company did not implement an authentication mechanism. SAP was affected by a critical code injection vulnerability (SAP Security Note 2419592) that the company addressed with the 2015 patch; unfortunately, the problem was not completely solved. The vulnerability, tracked as CVE-2017-7691, could be exploited by an attacker to read or create operating system files by sending a crafted request to TREXNet ports.

Source: https://securityaffairs.co/wordpress/57980/hacking/sap-trex-critical-flaw.html
