The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
http://www.securityfocus.com/bid/75165
http://packetstormsecurity.com/files/133516/SAP-NetWeaver-AS-LSCT1I13-ABAP-Hardcoded-Credentials.html
http://packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Hardcoded-Credentials.html
https://erpscan.io/advisories/erpscan-15-016-sap-netweaver-hardcoded-credentials/
https://erpscan.io/advisories/erpscan-15-015-sap-netweaver-hardcoded-credentials/
http://scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015
Source: Mitre, NVD
Published: 2015-06-24
Updated: 2026-06-17
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.01584