[ERPSCAN-11-041] SAP NetWeaver – Authentication bypass (Verb Tampering)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs: Auth bypass, Verb tampering
Date of Public Advisory: 11.11.2011
CVSS: 10 by ERPSCAN (7.3 by SAP)
An authentication bypass (verb tampering) in the SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution. Verb tampering here means that the access restriction is enforced only for the HTTP methods it explicitly covers, so a request that uses another method reaches the service without authentication.
As a result, an attacker can bypass the authorization restrictions of the SAP J2EE Engine and carry out further attacks against the system.
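The bug class named in the title comes from how Java EE deployment descriptors scope security constraints: when a web-resource-collection in web.xml lists http-method elements, the constraint applies only to those methods, and every other method (HEAD, PUT, OPTIONS, ...) is passed to the servlet unconstrained. The check below is an added example written for this advisory, not ERPScan's tool or SAP's code: it parses a web.xml, decides whether a given path and method are covered by an auth-constraint, and lists the methods each protected pattern leaves open. The two web.xml fragments and the /ctc/* url-pattern are constructed for illustration and do not reproduce SAP's actual deployment descriptor.

```python
"""Detect verb-tampering exposure in a Java EE web.xml.

Servlet-spec rule applied here: a <security-constraint> whose
<web-resource-collection> lists <http-method> entries covers only those
methods; a collection without <http-method> covers all methods;
<http-method-omission> covers every method except the ones listed.
"""
import xml.etree.ElementTree as ET

COMMON_METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")

# Constructed sample (not SAP's real web.xml): only GET and POST to /ctc/*
# require the Administrator role, so HEAD and the rest are unauthenticated.
WEAK_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ctc</web-resource-name>
      <url-pattern>/ctc/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Administrator</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Corrected form: no <http-method> at all, so the constraint covers every verb.
FIXED_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ctc</web-resource-name>
      <url-pattern>/ctc/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Administrator</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _local(tag):
    """Strip the XML namespace from a tag name ('{ns}foo' -> 'foo')."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def parse_constraints(xml_text):
    """One dict per <security-constraint>: url patterns, covered methods
    (empty set = all), omitted methods, and whether an <auth-constraint>
    is present (an empty <auth-constraint/> still denies everyone)."""
    root = ET.fromstring(xml_text)
    result = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        entry = {"patterns": [], "methods": set(), "omitted": set(),
                 "auth": bool(_children(sc, "auth-constraint"))}
        for wrc in _children(sc, "web-resource-collection"):
            entry["patterns"] += [p.text.strip() for p in _children(wrc, "url-pattern")]
            entry["methods"] |= {m.text.strip().upper() for m in _children(wrc, "http-method")}
            entry["omitted"] |= {m.text.strip().upper() for m in _children(wrc, "http-method-omission")}
        result.append(entry)
    return result


def _pattern_matches(pattern, path):
    """Servlet url-pattern matching: exact, '/prefix/*', '*.ext', or '/'."""
    if pattern == "/" or pattern == path:
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False


def _covers_method(entry, method):
    if entry["omitted"]:
        return method not in entry["omitted"]
    return not entry["methods"] or method in entry["methods"]


def is_constrained(constraints, path, method):
    """True if some constraint with an <auth-constraint> applies to both
    this path and this method. False means the container performs no
    authentication check and the request reaches the servlet directly."""
    method = method.upper()
    return any(
        e["auth"]
        and any(_pattern_matches(p, path) for p in e["patterns"])
        and _covers_method(e, method)
        for e in constraints
    )


def verb_tampering_gaps(constraints):
    """Map each protected url-pattern to the common methods that no
    constraint in the descriptor covers. Any non-empty list is a
    verb-tampering candidate worth probing."""
    gaps = {}
    for entry in constraints:
        if not entry["auth"]:
            continue
        for pattern in entry["patterns"]:
            # Build a representative request path for the pattern.
            if pattern.endswith("/*"):
                probe = pattern[:-2] + "/probe"
            elif pattern.startswith("*."):
                probe = "/probe" + pattern[1:]
            else:
                probe = pattern
            uncovered = [m for m in COMMON_METHODS if not is_constrained(constraints, probe, m)]
            if uncovered:
                gaps[pattern] = uncovered
    return gaps


if __name__ == "__main__":
    print("weak :", verb_tampering_gaps(parse_constraints(WEAK_WEB_XML)))
    print("fixed:", verb_tampering_gaps(parse_constraints(FIXED_WEB_XML)))
```

Whether an uncovered method is actually exploitable depends on the servlet: a HEAD request is dangerous when the servlet handles it through the same code path as GET, which is why the fix is to drop the http-method list (or, on Servlet 3.1 and later, to use http-method-omission or deny-uncovered-http-methods) rather than to enumerate more verbs.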
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: