DSECRG Advisories

[DSECRG-11-041] SAP NetWeaver – Authentication bypass (Verb Tampering)

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs: Auth bypass, Verb tampering
Exploits: YES
Reported: 14.03.2011
Vendor response: 15.03.2011
Date of Public Advisory: 11.11.2011
CVSS: 10 by ERPSCAN (7.3 by SAP)
Author: Alexandr Polyakov

Description

An authentication bypass (HTTP verb tampering) in the SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution.

Business Risk

An attacker can bypass the authorization restrictions of the SAP J2EE Engine and carry out further attacks, including unauthorized user management and OS command execution.
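In a Java EE web application, HTTP verb tampering becomes possible when a `<security-constraint>` in web.xml lists explicit `<http-method>` elements: the constraint, and with it the authentication requirement, then applies only to the listed verbs, and a request using any other method (HEAD, for instance) is dispatched to the same servlet without authentication. The script below is an added example, not code from DSecRG or SAP, and says nothing about the actual CTC deployment descriptor. It statically scans a web.xml for that pattern and produces a hardened copy; the sample descriptor is constructed, and its `/ctc/*` path is only an illustration of the class of bug, not a reproduction of the advisory.

```python
"""Static check for HTTP verb-tampering exposure in a Java EE web.xml.

Added example, not DSecRG's or SAP's code. SAMPLE_WEB_XML is constructed;
the /ctc/* pattern in it is illustrative, not taken from a real deployment.
"""
import xml.etree.ElementTree as ET

# Verbs a container will still dispatch when a constraint lists only some
# methods; the constraint simply does not apply to the rest of these.
COMMON_VERBS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE"}


def _local(tag):
    """Strip a namespace such as {http://java.sun.com/xml/ns/j2ee} from a tag."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def _children(elem, name):
    """Direct children of elem with the given local name, namespace ignored."""
    return [c for c in elem if _local(c.tag) == name]


def find_verb_tampering(web_xml):
    """Return one finding per web-resource-collection whose auth requirement
    is limited to an explicit list of HTTP methods.

    Each finding: {"patterns": [...], "restricted": [...], "unrestricted": [...]}
    where "unrestricted" are the common verbs that reach the resource with
    no authentication at all.
    """
    root = ET.fromstring(web_xml)
    findings = []
    for sc in _children(root, "security-constraint"):
        # Without an auth-constraint the collection is open anyway; an empty
        # <auth-constraint/> denies everyone and still counts as a constraint.
        if not _children(sc, "auth-constraint"):
            continue
        for wrc in _children(sc, "web-resource-collection"):
            patterns = [p.text.strip() for p in _children(wrc, "url-pattern")]
            methods = {m.text.strip().upper() for m in _children(wrc, "http-method")}
            if not methods:
                continue  # no <http-method>: the constraint covers every verb
            findings.append({
                "patterns": patterns,
                "restricted": sorted(methods),
                "unrestricted": sorted(COMMON_VERBS - methods),
            })
    return findings


def harden(web_xml):
    """Return a copy of web_xml with every <http-method> removed from
    constrained collections, so each constraint applies to all verbs."""
    root = ET.fromstring(web_xml)
    for sc in _children(root, "security-constraint"):
        for wrc in _children(sc, "web-resource-collection"):
            for m in _children(wrc, "http-method"):
                wrc.remove(m)
    return ET.tostring(root, encoding="unicode")


# Constructed sample: the first constraint shows the weak form (GET and POST
# only), the second the correct form (no http-method, so all verbs covered).
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Config</web-resource-name>
      <url-pattern>/ctc/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>administrators</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>administrators</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

if __name__ == "__main__":
    for f in find_verb_tampering(SAMPLE_WEB_XML):
        print("%s: authenticated only for %s; unauthenticated for %s"
              % (", ".join(f["patterns"]), ",".join(f["restricted"]),
                 ",".join(f["unrestricted"])))
    print("after hardening:", find_verb_tampering(harden(SAMPLE_WEB_XML)))
```

On the sample, only `/ctc/*` is reported (HEAD, PUT, DELETE, OPTIONS and TRACE reach it unauthenticated) and the hardened copy reports nothing. The dynamic counterpart of this check is to send the same URL with GET and then with HEAD or an arbitrary verb and compare the responses: a 401/403 for GET but a 200 for the other method confirms the gap. On Servlet 3.1 or later containers `<deny-uncovered-http-methods/>` closes the gap without editing every constraint; the J2EE engines of the era this advisory covers predate that element, so the web.xml fix above is the applicable one there.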