From US CERT:
“US-CERT is aware of vulnerabilities that exist in the SAP Message and DB Web Servers. These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
More information regarding this vulnerability can be found in Vulnerability Note VU#305657 and VU#679041.
To help mitigate the security risk, US-CERT recommends users upgrade their SAP server to the latest version as soon as possible.”