Description
ERPScan discovered a vulnerability in SAP NetWeaver that allows a remote attacker to execute operating system commands through the SAP ConfigServlet without any authentication, resulting in remote code execution.
Remediation
Install SAP security patches 1467771 and 1445998.
Set the EnableInvokerServletGlobally property of the servlet_jsp service to false on the server nodes.
Related Vulnerabilities
WordPress Plugin CM Download Manager Code Injection (2.0.3)
WordPress Plugin WP e-Commerce Shop Styling Remote File Inclusion (1.7.2)
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)
WordPress Plugin ThemeREX Addons Remote Code Execution (All)
F5 iControl REST unauthenticated remote command execution vulnerability