[ERPSCAN-11-041] SAP NetWeaver – Authentication bypass (Verb Tampering)

DSECRG Advisories

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs: Auth bypass, Verb tampering
Exploits: YES
Reported: 14.03.2011
Vendor response: 15.03.2011
Date of Public Advisory: 11.11.2011
CVSS: 10 by ERPSCAN (7.3 by SAP)
Author: Alexandr Polyakov

An authentication bypass (HTTP verb tampering) in the CTC service of the SAP NetWeaver J2EE Engine can be exploited by an unauthenticated attacker for unauthorized user management and OS command execution.
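The advisory names only the bug class, not the affected constraint or servlet path. The following is an added example, not code from the advisory or from ERPScan or SAP, that models the general mechanism behind verb tampering in a Java servlet container: a web.xml security-constraint that lists http-method elements protects only those methods, so a request sent with any other verb (HEAD, or an arbitrary verb the servlet does not reject) reaches the servlet without authentication; HEAD is the classic choice because the default HttpServlet.service dispatches it to doGet, so the GET handler's side effects still execute even though the body is discarded. The URL pattern "/admin/*", the role name and the verb list are assumed placeholders and are not taken from the advisory.

```python
"""Model of HTTP verb tampering against servlet-style security constraints.

Added example, not part of the advisory. Pattern, role and verbs are assumed.
"""
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class SecurityConstraint:
    """One <security-constraint> from web.xml, reduced to what matters here."""
    url_pattern: str                                    # e.g. "/admin/*"
    roles: Set[str]                                     # <auth-constraint> role names
    http_methods: Set[str] = field(default_factory=set)  # <http-method> list; empty => all verbs


def _pattern_matches(pattern: str, path: str) -> bool:
    """Servlet-style matching for exact patterns and "/prefix/*" patterns."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path


def is_authorized(constraints: List[SecurityConstraint], method: str,
                  path: str, user_roles: Set[str]) -> bool:
    """Decide whether a request may proceed to the servlet.

    Mirrors the servlet rule: a constraint that lists http-method elements
    applies only to those verbs; a constraint that lists none applies to all.
    A matching constraint whose roles do not intersect the caller's roles denies.
    """
    for c in constraints:
        if not _pattern_matches(c.url_pattern, path):
            continue
        if c.http_methods and method.upper() not in c.http_methods:
            continue  # constraint is silent on this verb: the request is unconstrained
        if not (c.roles & user_roles):
            return False
    return True


# Weak configuration: only GET and POST are covered, so every other verb
# (HEAD, PUT, DELETE, OPTIONS, TRACE, or a made-up one) goes straight through.
WEAK = [SecurityConstraint("/admin/*", {"administrators"}, {"GET", "POST"})]

# Corrected configuration: no <http-method> element, so the constraint
# covers every verb. (Servlet 3.1 additionally offers <deny-uncovered-http-methods/>.)
FIXED = [SecurityConstraint("/admin/*", {"administrators"})]

PROBE_VERBS = ["GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "FOO"]


def probe(constraints: List[SecurityConstraint], path: str,
          user_roles: Set[str] = frozenset()) -> List[str]:
    """Try each verb as the given caller; return the verbs that are let through.

    An unauthenticated caller (empty role set) that gets any verb through a
    path that should require a role has found a verb-tampering bypass.
    """
    return [v for v in PROBE_VERBS
            if is_authorized(constraints, v, path, set(user_roles))]


def bypass_verbs(constraints: List[SecurityConstraint], path: str) -> List[str]:
    """Verbs an unauthenticated caller can use to reach a protected path."""
    return probe(constraints, path)


if __name__ == "__main__":
    print("weak config, unauthenticated:", bypass_verbs(WEAK, "/admin/config"))
    print("fixed config, unauthenticated:", bypass_verbs(FIXED, "/admin/config"))
```

When auditing a deployed application, the same probe is run over the wire: send each verb to a path that should require authentication and compare status codes with those of an authenticated GET; a HEAD that returns the authenticated GET's status (or produces its side effect) is the finding. The fix is to drop the http-method elements so the constraint covers every verb, or to deny uncovered methods explicitly.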

Business Risk
An unauthenticated attacker can bypass the authentication restrictions of the SAP J2EE Engine and carry out further attacks, such as unauthorized user management and OS command execution.


To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: