ERPSCAN-11-026 SAP NetWeaver J2EE Engine – Authentication bypass
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Vendor response: 23.08.2010
Date of Public Advisory: 17.06.2011
Authentication bypass vulnerability in SAP NetWeaver J2EE engine can be exploited for multiple vectors such as Denial of service attack, Possible smb-relay attacks and others depending on system usage.
An attacker can bypass authentication restrictions of SAP J2EE engine and execute different attacks.