Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/23/2020
10:10 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Onapsis Releases Free SAP RECON Vulnerability Scanning Tool

Open source tool quickly determines potential indicators of compromise and vulnerable systems.

BOSTON – July 22, 2020 – Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced the release of INSTANT RECON, a free online service and downloadable open source scanning tool to quickly help organizations assess if their SAP applications are exposed and detect suspicious activity related to exploitation of the RECON vulnerability (CVE-2020-6287). The INSTANT RECON service is available for immediate use online or for download as an open source tool from the company’s GitHub repository to scan SAP systems and logs for potential indicators of compromise (IoC) and assess if systems may be vulnerable.

On July 14, 2020, Onapsis announced that the Onapsis Research Labs and the SAP Security Response Team worked together to mitigate a serious vulnerability, named RECON, which affects more than 40,000 SAP customers, with increased exposure for internet-facing systems. In conjunction, SAP released an official patch (SAP HotNewspatch #2934135) and the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) issued Activity Alert AA20-195A. The RECON vulnerability is classified as critical in severity with a CVSS score of 10 out of 10. A successful exploit could allow an authenticated attacker to gain remote access to any vulnerable SAP system impacting the confidentiality, integrity and availability of mission-critical SAP applications, including SAP ERP, SAP SCM, SAP CRM, SAP PI, SAP Enterprise Portal, SAP Solution Manager and many more.

“In just a matter of days since the release of the RECON patch, we have seen an unprecedented volume of threat activity and speed of weaponization targeting RECON,” said Mariano Nunez, CEO of Onapsis. “This includes mass scanning for vulnerable internet-exposed SAP systems, the release of proof-of-concept and functional exploit code and individuals selling private RECON exploits on the dark web. This increasing activity is putting thousands of organizations and their most mission-critical applications at immediate risk. While The Onapsis Platform customers are already protected, this threat activity compelled the Onapsis research and development team to work around the clock and develop this open source tool to enable all SAP organizations to quickly understand their risk posture and evaluate if they may have been compromised, so they can take the appropriate remediation actions.”  

The Onapsis INSTANT RECON free service and open source tool allows SAP customers to scan systems online by analyzing SAP logs and checking internet-facing systems for the RECON vulnerability. It also provides the option to run the tool locally for scanning all SAP systems across their internal networks. Besides applying the official SAP patches, Onapsis strongly recommends that all SAP customers run this service or tool immediately to determine the potential threat exposure and vulnerable systems that must be secured, in order to keep SAP systems and business processes protected and in compliance with important regulatory mandates. 

Free access or download the INSTANT RECON service and tool here:

Additional Onapsis Cybersecurity and Compliance Solutions and Services for SAP

In addition to the RECON vulnerability, the Onapsis cybersecurity and compliance solution for SAP, The Onapsis Platform, provides automated assessments of SAP systems for hundreds of critical vulnerabilities and misconfigurations and continuously monitors for internal and external threats. To check for additional SAP vulnerabilities, organizations can request a complimentary Cyber Risk Assessment from Onapsis today.

About Onapsis

Onapsis protects the mission-critical applications that run the global economy. The Onapsis Platform uniquely delivers actionable insight, secure change, automated governance and continuous monitoring for critical systems—ERP, CRM, PLM, HCM, SCM and BI applications—from well-known vendors such as SAP, Oracle and leading cloud applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina. We proudly serve more than 300 of the world’s leading brands, including 20% of the Fortune 100, 6 of the top 10 automotive companies, 5 of the top 10 chemical companies, 4 of the top 10 technology companies and 3 of the top 10 oil and gas companies.

The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 800 zero-day vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon—making Onapsis solutions the de-facto standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.

For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32813
PUBLISHED: 2021-08-03
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however...
CVE-2020-19303
PUBLISHED: 2021-08-03
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file.
CVE-2020-19304
PUBLISHED: 2021-08-03
An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.
CVE-2020-19305
PUBLISHED: 2021-08-03
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
CVE-2021-33335
PUBLISHED: 2021-08-03
Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator us...