[ERPSCAN-12-009] SAP NetWeaver PFL_CHECK_OS_FILE_EXISTENCE – missing authorization check and SMB Relay vulnerability
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs: Auth bypass, Verb tampering
Date of Public Advisory: 20.01.2011
Author: Alexey Tyurin
Missing authorization check in RFC function PFL_CHECK_OS_FILE_EXISTENCE.
An attacker can execute the vulnerable transaction, program or RFC function remotely without authentication because the authorization check is missing. This can lead to various threats, from information disclosure to full system compromise.