A bug in SAP NetWeaver AS JAVA (LM Configuration Wizard) has been discovered. This allows an unidentified hacker to take over a vulnerable NetWeave system without creating administrator accounts with authorization.
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions – 7.30, 7.31, 7.40, 7.50, does not perform an authentication check that allows an attacker to perform configuration tasks without prior authentication to perform critical actions against the SAP Java system, including the ability to create an administrative user, thereby compromising the confidentiality, integrity, and availability of the system, resulting in missing verification verification.
Read everything here with tips.
–
