Critical Vulnerability Hits SAP Enterprise ApplicationsCritical Vulnerability Hits SAP Enterprise Applications
RECON could allow an unauthenticated attacker to take control of SAP enterprise applications through the web interface.
July 14, 2020

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on a critical vulnerability in SAP NetWeaver AS Java. The vulnerability could allow an unauthenticated attacker to use HTTP for takeover of applications built using NetWeaver.
The vulnerability, CVE-2020-6287, involves a lack of authentication in a web component of NetWeaver AS Java. Because of the nature of the components, applications across a broad swath of business-critical enterprise SAP installations could be affected.
Dubbed "Remote Exploitable Code on Netweaver" (RECON) by the researchers at Onapsis who discovered it, the vulnerability has been given a CVSS score of 10, the most critical.
SAP has issued a patch for the vulnerability. Both SAP and CISA urge SAP customers to apply the patch immediately.
Read more here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023