Security News > 2020 > July > Open Source Tool Checks SAP Systems for RECON Attack IOCs

Open Source Tool Checks SAP Systems for RECON Attack IOCs
2020-07-23 03:26

Onapsis on Wednesday announced the release of an open source tool that helps organizations determine if their SAP systems are vulnerable to RECON attacks and checks if they may have already been targeted.

RECON is the name assigned to a recently disclosed vulnerability - officially tracked as CVE-2020-6287 - that researchers at Onapsis identified in a component used by many SAP products.

SAP released patches earlier this month, but Onapsis warned at the time that over 40,000 SAP customers could be affected and the cybersecurity company estimated that at least 2,500 systems in North America, Europe and the APAC region were exposed to attacks from the internet.

This free tool is designed to conduct a blackbox scan of SAP applications to determine if they are vulnerable, and it performs a basic analysis of SAP application logs in an effort to determine if the RECON vulnerability has already been exploited against the user's organization.

The company also pointed out, "There are several known limitations of this tool and its usage should not be considered a guarantee that SAP applications are either not exposed to RECON or that the applications have not been compromised. Several conditions can affect the state of the assessed applications and/or log files, resulting in false positives and/or false negatives."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Ub3DMAHQdAo/open-source-tool-checks-sap-systems-recon-attack-iocs

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-6287 Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
network
low complexity
sap CWE-306
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 329 25 680 386 113 1204