Critical SAP Bug allows hackers to take over Full Enterprise System

Junez

bugs

A critical bug in SAP NetWeaver AS for Java carries the maximum severity score of 10 out of 10 on the CVSS scale.

SAP is among the most widely used enterprise resource planning (ERP) suites in the world, and the systems that run it typically hold large amounts of sensitive business data, which is what makes a full-system takeover so serious.

The bug has been assigned CVE-2020-6287 and was named RECON by Onapsis Research Labs, whose researchers estimate that it may affect more than 40,000 SAP customers.


RECON stands for “Remotely Exploitable Code on NetWeaver”. The vulnerability is present in SAP NetWeaver AS Java versions 7.30 through 7.50.

SAP NetWeaver AS for Java Vulnerability

The flaw sits in a component (the LM Configuration Wizard) that is installed by default in SAP applications running on SAP NetWeaver AS Java. Because that stack underlies many SAP business solutions, the exposure extends to SAP S/4HANA, SAP SCM, SAP CRM, SAP Enterprise Portal, SAP Solution Manager (SolMan) and others.

The root cause is a missing authentication check in a web-facing component of SAP NetWeaver AS for Java: the component accepts requests from unauthenticated clients and lets them perform several high-privilege actions on the system.

Successful exploitation lets a remote, unauthenticated attacker create a user with maximum privileges, and with that account read or modify sensitive data and take over the system entirely.

SAP released the patch on July 14, 2020 (SAP Security Note 2934135), and the US DHS CISA issued an alert urging all SAP customers to apply it. Now that the vulnerability is public, an experienced attacker can be expected to weaponise it quickly, so the patch should be applied without delay; where patching has to wait, disabling the LM Configuration Wizard service is the interim mitigation SAP describes, and internet-facing NetWeaver Java instances should be reviewed first.
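As an added example that is not part of the original article and not tooling from SAP or Onapsis: a small Python triage script that flags requests to the LM Configuration Wizard's web service endpoint in an HTTP access log, so that an administrator can check whether the component was reached from outside before the patch went in. The endpoint path `/CTCWebService/CTCWebServiceBean` and the Apache "combined" log layout are assumptions (the path is the one named in public reporting on RECON; NetWeaver's own access log layout is configurable), and the log lines are constructed.

```python
import re
from collections import Counter

# Assumption (not from the article): SOAP endpoint of the LM Configuration
# Wizard, the component that RECON lets unauthenticated clients reach.
# Adjust to the paths actually deployed on your NetWeaver Java instance.
SUSPECT_PATHS = ("/CTCWebService/CTCWebServiceBean",)

# Constructed sample lines in Apache "combined" style. Real NetWeaver HTTP
# access logs use a configurable layout, so adapt LOG_RE to yours.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jul/2020:10:02:11 +0000] "GET /irj/portal HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jul/2020:10:02:15 +0000] "GET /CTCWebService/CTCWebServiceBean?wsdl HTTP/1.1" 200 8810 "-" "python-requests/2.23.0"
203.0.113.7 - - [14/Jul/2020:10:02:16 +0000] "POST /CTCWebService/CTCWebServiceBean HTTP/1.1" 200 3311 "-" "python-requests/2.23.0"
10.0.0.5 - basisadmin [14/Jul/2020:10:05:01 +0000] "POST /CTCWebService/CTCWebServiceBean HTTP/1.1" 200 2200 "-" "Mozilla/5.0"
10.0.0.9 - - [14/Jul/2020:10:07:42 +0000] "GET /useradmin/index.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["user"] = None if rec["user"] == "-" else rec["user"]  # "-" = no HTTP auth user
    rec["status"] = int(rec["status"])
    return rec


def is_wizard_hit(rec):
    """True for any request that reached the wizard endpoint and got a 2xx answer.

    Before the patch the service answered without authentication, so every
    successful request to it is worth a look, not only the ones with no user.
    """
    path = rec["path"].split("?", 1)[0]  # drop query string such as ?wsdl
    return path.startswith(SUSPECT_PATHS) and 200 <= rec["status"] < 300


def triage(log_text):
    """Return (hits, unauthenticated_hits_per_ip).

    hits: all parsed records that reached the wizard endpoint successfully.
    unauthenticated_hits_per_ip: counts of those hits carrying no HTTP auth user,
    which are the ones that most resemble RECON probing or exploitation.
    """
    records = (parse_line(line) for line in log_text.splitlines())
    hits = [r for r in records if r and is_wizard_hit(r)]
    unauth_by_ip = Counter(r["ip"] for r in hits if r["user"] is None)
    return hits, unauth_by_ip


if __name__ == "__main__":
    hits, unauth_by_ip = triage(SAMPLE_LOG)
    for r in hits:
        who = r["user"] or "<no auth user>"
        print(f'{r["ts"]} {r["ip"]:15} {who:15} {r["method"]:4} {r["path"]} -> {r["status"]}')
    print("unauthenticated hits per source IP:", dict(unauth_by_ip))
```

On the constructed input the script reports three successful requests to the wizard endpoint, two of them from 203.0.113.7 with no HTTP auth user, a WSDL fetch followed by a POST, which is the shape a reconnaissance-then-exploit sequence would leave. Note that NetWeaver normally authenticates via session cookies rather than HTTP basic auth, so an empty remote-user field does not prove the request was unauthenticated; treat the per-IP counts as a starting point for correlation with the user-management and security audit logs, in particular for administrator accounts created after the first hit.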
