Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Date of Public Advisory:11.11.2011
Author: Alexey Tyurin
TH_GREP report is vulnerable for command execution vulnerability which is working with previous patch (note 1433101). Remote OS command execution is possible
A remote attacker or insider can send a malicious command to SAP NetWeaver server through the Internet or inside a company and conduct aт unauthorised execution of code on server side. With help of this access it is possible to obtain sensitive technical and business-related information stored in the vulnerable SAP system.
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: