Action:
- Apply the patch described in SAP note 2934135 - [CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard). The note contains download links for all AS Java versions.
- As a temporary workaround, disable the tc~lm~ctc~cul~startup_app application as described in Note 2939665. This application is not needed during normal operation.
It is of the utmost importance to apply this patch, and initially the workaround, as soon as possible. The threat posed by this security flaw cannot be overstated: a malicious intruder who obtains full privileges could arbitrarily steal, corrupt or destroy business data.