SAP engineers have fixed a dangerous bug, CVE-2020-6287, which affects most of the company's customers and applications. The bug was discovered back in May of this year by experts from Onapsis, a security company specializing in cloud security. The vulnerability was named RECON (an abbreviation for Remotely Exploitable Code On NetWeaver) and received 10 points out of 10 on the CVSSv3 vulnerability rating scale.
Such a rating means that the bug is extremely easy to exploit, and exploitation requires almost no technical knowledge. The vulnerability can also be used for automated remote attacks and does not require the attacker to already have an account in the SAP application or to know other people's credentials.
In their report, the researchers warned that the bug allows attackers to bypass all access control and authorization mechanisms and create new accounts with maximum privileges in SAP applications reachable from the Internet. In essence, this gives hackers full control over the SAP resources of compromised companies.
The vulnerability is easy to exploit and is located in a default component that is part of all SAP applications running on the Java stack of SAP NetWeaver versions 7.30-7.5. The component in question is the LM Configuration Wizard, which is part of the SAP NetWeaver Application Server (AS).
This component is used in many popular products, including SAP S/4HANA, SAP SCM, SAP CRM, SAP Enterprise Portal, and SAP Solution Manager (SolMan). Other SAP applications that run on the SAP NetWeaver Java stack are also vulnerable.
Onapsis experts estimate that approximately 40,000 companies are affected by this issue, although not all of them expose vulnerable applications to the Internet. A scan conducted by the researchers showed that about 2500 SAP systems currently vulnerable to the RECON problem can be found on the Internet (33% in North America, 29% in Europe and 27% in the Asia-Pacific region).
SAP system administrators are advised to install patches as soon as possible, since the vulnerability allows hackers to gain full control over the company's applications and steal proprietary data and user information.
In essence, after a successful attack, attackers can read, modify and delete any record, file or report in a compromised system. This opens up a wide range of malicious capabilities for hackers, including reading, changing or deleting financial records, hiding or changing traces, logs and other files, as well as complete disruption of the system, data corruption, and so on.