SAP NetWeaver Application Server OS Command Injection Vulnerability

A command injection vulnerability has been identified in the SAP NetWeaver Application Server for ABAP and ABAP Platform. This vulnerability allows authenticated attackers with administrative privileges to execute specially crafted shell commands on the server. The issue arises from the ability to inject commands that bypass the logging mechanism, enabling the execution of unintended operating system commands without detection. This could potentially disrupt the application's integrity and availability, although it does not affect confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands, with potential negative effects on the application's integrity and availability.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying patches and addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.