A reportedly serious security bug affects the J2EE (Java 2 Platform Enterprise Edition) engine in SAP’s NetWeaver middleware. The bug was discussed by security researcher and ERPScan CTO Alexander Polyakov. The vulnerability makes it possible to crack SAP systems over the Internet by circumventing authorization checks, Polyakov wrote in a blog post. SAP says it will deliver a patch to its customers “shortly” The news comes shortly after Oracle’s release of Java SE 7. The language update shipped with bugs that Oracle engineers knew about prior to the release.”]
Source: https://www.csoonline.com/article/2129314/sap-will-issue-patch-for-netweaver-vulnerability.html