Security News > 2020 > July > Open Source Tool Checks SAP Systems for RECON Attack IOCs
Onapsis on Wednesday announced the release of an open source tool that helps organizations determine if their SAP systems are vulnerable to RECON attacks and checks if they may have already been targeted.
RECON is the name assigned to a recently disclosed vulnerability - officially tracked as CVE-2020-6287 - that researchers at Onapsis identified in a component used by many SAP products.
SAP released patches earlier this month, but Onapsis warned at the time that over 40,000 SAP customers could be affected and the cybersecurity company estimated that at least 2,500 systems in North America, Europe and the APAC region were exposed to attacks from the internet.
This free tool is designed to conduct a blackbox scan of SAP applications to determine if they are vulnerable, and it performs a basic analysis of SAP application logs in an effort to determine if the RECON vulnerability has already been exploited against the user's organization.
The company also pointed out, "There are several known limitations of this tool and its usage should not be considered a guarantee that SAP applications are either not exposed to RECON or that the applications have not been compromised. Several conditions can affect the state of the assessed applications and/or log files, resulting in false positives and/or false negatives."
News URL
Related news
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-6287 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. | 10.0 |