SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.