Java?
What is the significance of the app having been developed in Java have to do with anything? The bug is nothing to do with the runtime but bug in the application itself and is only going to bring out the "java is insecure" brigade.
A Java application from SAP that allows downloading of software packages and support notes needs patching following the discovery of a serious security flaw. Core Security found that an attacker who manages to get access to a user's configuration file in SAP’s Download Manager might be able to obtain the stored proxy password …