Critical SAP Bug Allows Full Enterprise System Takeover
2020-07-14 11:45

A critical vulnerability, carrying a severity score of 10 out of 10 on the CVSS bug-severity scale, has been disclosed for SAP customers.

The bug has been named RECON by the Onapsis Research Labs researchers who found it, and it affects more than 40,000 SAP customers, they noted.

Put another way, an unauthenticated attacker could create a new SAP user with maximum privileges, bypassing all access and authorization controls and gaining full control of SAP systems, Nunez said.

"With SAP NetWeaver Java being a fundamental base layer for several SAP products, the specific impact would vary depending on the affected system," according to Onapsis, in a technical analysis released on Tuesday.

He added, "For SAP customers, critical vulnerabilities such as RECON highlight the need to protect mission-critical applications, by extending existing cybersecurity and compliance programs to ensure these applications are no longer in a blind spot."


News URL

https://threatpost.com/critical-sap-bug-enterprise-system-takeover/157392/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 329 25 680 386 113 1204