SAP jConnect is a Java-based protocol used for connecting to SAP systems. It's primarily used by SAP developers and administrators to interact with the SAP system. The vulnerability allows an attacker to execute arbitrary code on the server by exploiting a deserialization vulnerability in the SAP jConnect protocol, which can lead to remote code execution.
Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Contact SAP directly for a patched version - there's no public patch link in the advisory.
Immediate mitigations:
- Restrict network access to your SAP jConnect instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation