Description
SAP NetWeaver AS JAVA (LM Configuration Wizard) does not perform an authentication check which allows an attacker to execute configuration tasks to perform critical actions against the SAP Java system.
Remediation
Install SAP security patches #2934135, #2939665.
References
Related Vulnerabilities
Dotclear Improper Authentication Vulnerability (CVE-2014-3781)
Grafana Improper Authentication Vulnerability (CVE-2021-28148)
IBM WebSEAL Improper Authentication Vulnerability (CVE-2018-1443)
WordPress 3.8.1 Multiple Vulnerabilities (3.8 - 3.8.1)
WooCommerce Payments Authentication Bypass and Privilege Escalation