Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

ERPSCAN-11-026 SAP NetWeaver J2EE Engine – Authentication bypass

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs:XSS
Exploits: YES
Reported: 20.08.2010
Vendor response: 23.08.2010
Date of Public Advisory: 17.06.2011
CVSS: 9.0
Author:Alexander Polyakov

Description
Authentication bypass vulnerability in SAP NetWeaver J2EE engine can be exploited for multiple vectors such as Denial of service attack, Possible smb-relay attacks and others depending on system usage.

Business Risk
An attacker can bypass authentication restrictions of SAP J2EE engine and execute different attacks.