Onapsis Security Advisory – The Authentication mechanism of the SAP J2EE Engine (which is shared by the Enterprise Portal and other solutions) suffers from a phishing vector vulnerability, which may allow a remote attacker to perform different attacks to the organization’s SAP users.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86202/OSA-2010-004.txt
Source: https://packetstormsecurity.com/files/86202/SAP-J2EE-Authentication-Phishing-Vector.html