SAP Wily Introscope Enterprise Manager JNLP File Vulnerability Allowing OS Command Execution

Vulnerability

A vulnerability exists in SAP Wily Introscope Enterprise Manager (WorkStation) due to the use of a flawed third-party component. This issue allows an unauthenticated attacker to create a malicious JNLP (Java Network Launch Protocol) file that can be accessed via a public-facing URL. When a victim clicks on the URL, the Wily Introscope Server could execute operating system commands on the victim's machine, potentially compromising the system's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the victim's machine, allowing for a complete compromise of the system's confidentiality, integrity, and availability.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.
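
While the SAP Security Note is being applied, JNLP descriptors that arrive through links can be reviewed before anything is launched. The following triage check is an added example, not part of the original advisory or of SAP's guidance. The advisory does not describe the flawed component, so the checks are general JNLP review points; the trusted host name and the sample descriptor are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlparse

# Assumption: host(s) your own Enterprise Manager is legitimately served from.
TRUSTED_HOSTS = {"em.corp.example"}

# Constructed sample descriptor for the demo; not taken from the advisory.
SAMPLE_JNLP = """<jnlp spec="1.0+" codebase="http://files.untrusted.example/ws/">
  <security><all-permissions/></security>
  <resources>
    <j2se version="1.8+" java-vm-args="-Xmx512m"/>
    <property name="app.mode" value="demo"/>
    <jar href="workstation.jar" main="true"/>
  </resources>
  <application-desc main-class="example.Main"><argument>demo</argument></application-desc>
</jnlp>"""


def triage_jnlp(text, trusted_hosts=TRUSTED_HOSTS):
    """Return review findings for one JNLP descriptor (empty list = nothing flagged)."""
    # Refuse DTD/entity declarations instead of parsing untrusted XML that has them.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return ["DOCTYPE/ENTITY declaration present; descriptor not parsed"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "jnlp":
        return [f"root element is <{root.tag}>, not <jnlp>"]
    findings = []
    codebase = root.get("codebase", "")
    if urlparse(codebase).scheme != "https":
        findings.append(f"codebase is not https: {codebase or '(missing)'}")
    # Every jar/nativelib resolves against codebase; each must load from a trusted host.
    for res in root.findall("./resources/jar") + root.findall("./resources/nativelib"):
        target = urljoin(codebase, res.get("href", ""))
        if urlparse(target).hostname not in trusted_hosts:
            findings.append(f"code loaded from untrusted location: {target}")
    if root.find("./security/all-permissions") is not None:
        findings.append("requests all-permissions (runs outside the Java sandbox)")
    # Descriptor-controlled JVM options, properties and arguments need a human look.
    for vm in root.findall("./resources/j2se") + root.findall("./resources/java"):
        if vm.get("java-vm-args"):
            findings.append(f"sets JVM arguments: {vm.get('java-vm-args')}")
    for prop in root.findall("./resources/property"):
        findings.append(f"sets property {prop.get('name')}={prop.get('value')}")
    for arg in root.iter("argument"):
        findings.append(f"passes argument: {arg.text}")
    return findings
```

An empty result means none of these review points fired; it does not establish that the descriptor is safe to launch.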

Added: Jan 13, 2026, 2:28 AM
Updated: Jan 13, 2026, 2:28 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.