Hi Gurus,
I found the a post stating there is a Zero-Day exploit in the common collections function InvokerTransformer. Found by Gabriel Lawrence and Chris Frohoff shown in their presentation.
http://de.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles
Until now I have found no SAP Security Notes relating to this and stating a possible solution or how if there are any tools affected.
Did anyone find any document related to this?
Edit: There was already an other post to this topic -> SAP AS Java affected from commons-collection vulnerability?
Kind regards,
Niklas