An attacker can use hardcoded credentials to get unauthorized access and perform various actions in the NetWeaver AS ABAP. In addition, it is likely that the code will be implemented into the system as a backdoor.
5a75b13440345faa89ce27ef064614c82121ab50b4b42ab3b21bb4420ecb4fcf
SAP NetWeaver AS ABAP contains a hardcoded username that changes the system's behavior if the user is authenticated successfully. The user may obtain additional information that should not be displayed.
f09b401a94dc0abc65731e388b4e547146fdc661d853f92abd976848dbd808a1
SAP has released the monthly critical patch update for June 2015. This patch update closes buffer overflow, remote SQL injection, XML eXternal Entity, and hardcoded credentials vulnerabilities.
19387f24cc2e3fc9d5721e3adda4e660354e12481fa568f2e559c14584e13347