News & Press

The US government is urging SAP customers to patch a critical vulnerability published earlier this week, which could affect as many as 40,000 customers.

10 out of 10: Great in a test score, less good when it's for the severity of a flaw

SAP released updates for critical security vulnerability found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50.

The second Tuesday of each month is best known among security professionals as Patch Tuesday, the day Microsoft Corp. releases patches for security vulnerabilities across its products. This time it’s a party, as SAP SE, Adobe Systems Inc. and Google LLC all addressed security issues today as well.

Recently, SAP patched a critical flaw affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of the several products and solutions deployed in most SAP environments.

Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced that the Onapsis Research Labs and the SAP Security Response Team worked together to mitigate a serious vulnerability, named RECON (Remotely Exploitable Code On NetWeaver), which affects more than 40,000 SAP customers, with increased exposure for internet-facing systems.

Um invasor não autenticado pode obter acesso irrestrito ao sistemas SAP através da criação de usuários e da execução de comandos do sistema operacional

IT giant SAP addressed a critical flaw, tracked as CVE-2020-6287 and dubbed RECON, that could allow attackers to take over corporate servers.