Security News > 2020 > July > So kind of SAP NetWeaver to hand out admin accounts to anyone who can reach it. You'll want to patch this
SAP customers should update their installations to close a security vulnerability that can be exploited to commandeer the software by anyone who can reach it.
Dubbed RECON, aka Remotely Exploitable Code On NetWeaver, by its discoverers, security shop Onapsis, the bug in SAP's NetWeaver AS JAVA allows a remote unathenticated hacker to take over a vulnerable NetWeaver-based system by creating admin accounts without any authorization.
"The RECON vulnerability affects a default component present in every SAP application running the SAP NetWeaver Java technology stack," said Onapsis.
"This technical component is used in many SAP business solutions, including SAP SCM, SAP CRM, SAP PI, SAP Enterprise Portal and SAP Solution Manager, impacting more than 40,000 SAP customers."
The flaw was kept under wraps until July 14, when SAP could put out a patch as part of its scheduled monthly security update cycle.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/14/sap_recon_bug/