SAP NetWeaver Portal 'ConfigServlet' Remote Code Execution Network Vulnerability

Summary

SAP NetWeaver Portal is prone to a remote code-execution vulnerability. Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application.

References

http://erpscan.com/wp-content/uploads/2012/11/Breaking-SAP-Portal-HackerHalted-2012.pdf
http://www.exploit-db.com/exploits/24963/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 9.0 AV:N/AC:L/Au:N/C:C/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Directory Traversal Vulnerability
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
admin.cgi overflow
Arkeia Appliance Multiple Vulnerabilities
Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability

Take action and discover your vulnerabilities