ERPSCAN-11-026 SAP NetWeaver J2EE Engine – Authentication bypass

DSECRG Advisories

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL:
Exploits: YES
Reported: 20.08.2010
Vendor response: 23.08.2010
Date of Public Advisory: 17.06.2011
CVSS: 9.0
Author: Alexander Polyakov

An authentication bypass vulnerability in the SAP NetWeaver J2EE engine can be exploited through multiple vectors, such as denial-of-service attacks, possible SMB relay attacks, and others, depending on system usage.

Business Risk
An attacker can bypass the authentication restrictions of the SAP J2EE engine and carry out different attacks.