Systems Affected
Outdated or misconfigured SAP systems
Overview
At least 36 organizations worldwide are affected by an SAP vulnerability [1] (link is external). Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications.
The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms). The Invoker Servlet contains a vulnerability that was patched by SAP in 2010. However, the vulnerability continues to affect outdated and misconfigured SAP systems.
Description
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks.
The Invoker Servlet vulnerability affects business applications running on SAP Java platforms.
See the entire Notice (with additional description, impact and and solutions at
https://www.us-cert.gov/ncas/alerts/TA16-132A
Hope this helps some.