web-tools in SAP DB prior to 7.4.03.30 allows remote malicious users to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
sap sap db