Description
ERPScan discovered a vulnerability in SAP NetWeaver that allows an unauthenticated remote attacker to execute operating system commands through the SAP ConfigServlet.
Remediation
Install SAP security patches 1467771 and 1445998.
Set the EnableInvokerServletGlobally property of the servlet_jsp service to false on the server nodes.