Critical SAP Bug Allows Full Enterprise System Takeover

2020-07-14 11:45

A critical vulnerability, carrying a severity score of 10 out of 10 on the CvSS bug-severity scale, has been disclosed for SAP customers.

The bug has been named RECON by the Onapsis Research Labs researchers that found it, and it affects more than 40,000 SAP customers, they noted.

Put another way, an unauthenticated attacker could create a new SAP user with maximum privileges, bypassing all access and authorization controls and gaining full control of SAP systems, Nunez said.

"With SAP NetWeaver Java being a fundamental base layer for several SAP products, the specific impact would vary depending on the affected system," according to Onapsis, in a technical analysis released on Tuesday.

He added, "For SAP customers, critical vulnerabilities such as RECON highlight the need to protect mission-critical applications, by extending existing cybersecurity and compliance programs to ensure these applications are no longer in a blind spot.

News URL

https://threatpost.com/critical-sap-bug-enterprise-system-takeover/157392/

#critical #SAP #takeover

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
SAP		386	110	936	249	94	1389

News URL

Related news

Related vendor