[ERPSCAN-12-044] SAP NetWeaver SDM – authentication bypass

DSECRG Advisories

Application: SAP NetWeaver SDM
Versions Affected: SAP NetWeaver SDM
Vendor URL: http://www.sap.com
Bugs: Auth Bypass
Exploits: YES
Reported: 10.02.2012
Vendor response: 11.02.2012
Date of Public Advisory: 10.10.2012
Reference: SAP Security Note 1724516
Authors: Alexander Polyakov (ERPScan)

The SAP NetWeaver SDM service is vulnerable to an authentication bypass attack.

Business Risk
An attacker can bypass the authorization restrictions of SAP NetWeaver SDM and execute various attacks.