Why break critical systems themselves when we can attack the Deployment Server: the core from which all J2EE code spreads into other systems? The core is called SAP Software Deployment Server and consists of many subsystems, such as SDM, DTR, and CMS. SAP has its own SVN-like subsystem and Build service. Who cares about the security of the Deployment Server? That’s why it is full of issues, and architecture flaws make it possible to deploy your own code anonymously without having any access to NWDS. In the end, your evil code will spread to any system you want, giving you the ability to control every business system. Needless to say, all tricks described here were executed by Dmitry Chastuhin and his department in a series of pentests.

Injecting Evil Code in your SAP J2EE systems – Security of SAP Software Deployment Server