SAP NetWeaver SPML - XML CSRF user creation

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Command execution Exploits: YES Reported: 14.03.2011 Vendor response:16.03.2011 Date of Public Advisory:11.11.2011 CVSS: 7.3 Author: Alexandr Polyakov Description Attacker can create a new user in J2EE...