This vulnerability is due to insufficient validation of the OPM_BVNAME parameter when processing requests sent to APMIntegBusinessViewHandler servlet. A remote, unauthenticated attacker could exploit this vulnerability by sending a web request with a malicious SQL query to the target server. Successful exploitation could lead to arbitrary code execution in the security context of SYSTEM.