PT-2016-3365 · Sap · Sap Netweaver Application Server Java
Published: 2016-05-12 · Updated: 2025-03-14 · CVE-2010-5326
| CVSS v2.0 | 10 (High) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server Java versions prior to 7.3
Description
The vulnerability lies in the Invoker Servlet component of the SAP NetWeaver Java Application Server, whose authentication procedure is flawed. A remote attacker can exploit it by sending specially crafted HTTP or HTTPS requests to execute arbitrary code or gain full control of the system. The vulnerability was exploited in the wild from 2013 to 2016, in what is known as a "Detour" attack.
Recommendations
For versions prior to 7.3, disable the Invoker Servlet component to prevent remote code execution until a patch is available. Restrict access to the Invoker Servlet to minimize the risk of exploitation, and avoid using it for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
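Both the description and the recommendations above turn on one thing: requests that reach a servlet through the Invoker Servlet's class-name URL form rather than through a normally mapped (and authenticated) path. The script below is an added example, not part of this advisory or of any SAP tooling: it parses common-log-format web access lines and flags requests whose path uses the `/<app>/servlet/<fully.qualified.ServletClass>` shape, which is assumed here to be the Invoker Servlet URL pattern. A defender can run it over access logs to spot probing of the component and, before disabling it as recommended, to inventory which clients and servlet classes still depend on it. The log lines, client addresses and servlet class names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Common-log-format line: client ident user [timestamp] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Invoker-servlet style path: /<app>/servlet/<fully.qualified.ServletClass>
# Assumption: this is the URL form the Invoker Servlet resolves to a class name.
# Heuristic: lowercase package segments followed by a class segment starting with
# an uppercase letter, so a static file like /docs/servlet/guide.html is not flagged.
INVOKER_RE = re.compile(
    r'/servlet/(?P<klass>(?:[a-z_$][\w$]*\.)*[A-Z][\w$]*)(?=$|[/?;])'
)

# Constructed sample access log (not real traffic); one line is deliberately unparsable.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2016:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120
10.0.0.9 - - [12/May/2016:10:01:07 +0000] "GET /webapp/servlet/com.example.demo.AdminServlet HTTP/1.1" 200 880
10.0.0.9 - - [12/May/2016:10:01:09 +0000] "POST /webapp/servlet/com.example.demo.AdminServlet?cmd=list HTTP/1.1" 200 412
10.0.0.7 - - [12/May/2016:10:02:00 +0000] "GET /webapp/servlet/ HTTP/1.1" 404 0
10.0.0.7 - - [12/May/2016:10:02:03 +0000] "GET /docs/servlet/guide.html HTTP/1.1" 200 2048
this line is not a valid access-log record and is skipped
"""


@dataclass(frozen=True)
class Finding:
    client: str
    timestamp: str
    method: str
    path: str
    status: int
    servlet_class: str


def parse_requests(log_text: str) -> Iterator[Tuple[str, str, str, str, int]]:
    """Yield (client, timestamp, method, path, status) for each parsable line; skip the rest."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield (m.group('client'), m.group('ts'), m.group('method'),
                   m.group('path'), int(m.group('status')))


def find_invoker_requests(log_text: str) -> List[Finding]:
    """Return every request whose path addresses a servlet by class name via /servlet/."""
    findings: List[Finding] = []
    for client, ts, method, path, status in parse_requests(log_text):
        # Match on the path only, so a query string cannot create a spurious hit.
        path_only = path.split('?', 1)[0]
        m = INVOKER_RE.search(path_only)
        if m:
            findings.append(Finding(client, ts, method, path, status, m.group('klass')))
    return findings


def invoker_hits_by_client(log_text: str) -> Dict[str, int]:
    """Count invoker-style requests per client address, useful for triage and inventory."""
    counts: Dict[str, int] = {}
    for f in find_invoker_requests(log_text):
        counts[f.client] = counts.get(f.client, 0) + 1
    return counts


if __name__ == "__main__":
    for f in find_invoker_requests(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client} {f.method} {f.path} -> {f.servlet_class} ({f.status})")
    print(invoker_hits_by_client(SAMPLE_LOG))
```

On the constructed sample, the two requests from 10.0.0.9 are flagged (class `com.example.demo.AdminServlet`), while the bare `/webapp/servlet/` probe and the static `/docs/servlet/guide.html` file are not. A status of 200 on a flagged line means the invoker path actually served the servlet, which is exactly the condition the recommendation to disable or restrict the component is meant to eliminate.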
Missing Authentication
Improper Authentication
Related identifiers
Affected products
Sap Netweaver Application Server Java