[ERPSCAN-12-008] SAP NetWeaver RWB – unauthorized access

DSECRG Advisories

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs:Auth bypass
Exploits: YES
Reported: 15.02.2011
Vendor response:16.02.2011
Date of Public Advisory:20.01.2011
Author:Alexandr Polyakov

Unauthorized access is possible to some Runtime Workbench resources

Business Risk
Vulnerability can lead to disclosure of the information on the system without authentication and can help an attacker to penetrate the system. An attacker can use the information from the given service for the subsequent attacks which will lead to illegal access to the business-critical information.