Critical Vulnerability Hits SAP Enterprise Applications
RECON could allow an unauthenticated attacker to take control of SAP enterprise applications through the web interface.
July 14, 2020
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on a critical vulnerability in SAP NetWeaver AS Java. The vulnerability could allow an unauthenticated attacker to take over applications built using NetWeaver over HTTP.
The vulnerability, CVE-2020-6287, involves a lack of authentication in a web component of NetWeaver AS Java. Because of the nature of the components, applications across a broad swath of business-critical enterprise SAP installations could be affected.
Dubbed "Remote Exploitable Code on NetWeaver" (RECON) by the researchers at Onapsis who discovered it, the vulnerability has been given a CVSS score of 10, the most critical rating.
SAP has issued a patch for the vulnerability. Both SAP and CISA urge SAP customers to apply the patch immediately.