If you haven't yet patched this critical hole in SAP NetWeaver Application Server, today is not your day

We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details.


SEC Consult will today, we're told, reveal the nitty-gritty of the flaw on its website, giving miscreants the info they need to exploit any vulnerable systems they can find. The infosec biz's Alexander Meier and Fabian Hag found the security hole and reported it to SAP in April. It was patched in May.


This critical-severity bug – scoring 9.9 out of 10 on the CVSS v3 meter – can be exploited by a rogue authenticated user, or someone whose access has been hijacked, to inject arbitrary code into an application server. This mean ..
