|Check Point Reference:||CPAI-2012-407|
|Date Published:||14 Oct 2012|
|Protection Provided by:||
|Who is Vulnerable?|| SAP NetWeaver 7.02 |
|Vulnerability Description||A command execution vulnerability has been reported in SAP NetWeaver.|
|Vulnerability Details||The vulnerability is due to insufficient validation of incoming SOAP requests. A remote attacker could exploit this vulnerability by sending a malicious request to the affected service. Successful exploitation of this vulnerability can result in arbitrary command execution in the security context of the Administrator user.|
This protection will detect and block the transferring of a specially crafted SOAP request to the affected service.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: Application Servers Protection Violation
Attack Information: SAP NetWeaver SOAP Interface Arbitrary Command Execution