Hello all, I have a quick question for you. I received an email from one of our consultants from the audit team for NetWeaver Portal. We are running Portal 6 (6.40). Below is the content of the mail received from her.
"Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user."
I wonder what this means for us. I don't know if there is a patch 136 for Web AS 6.40. I don't know if it means Support Pack at all. The person from the auditing team is no longer with us. Does this ring a bell for any of you guys? Could this be kernel level? Let me know.