Une vulnérabilité découverte dans NetWeaver Application Server Java de SAP permet à un cyberpirate de prendre un contrôle système complet sans authentification. Un correctif à appliquer d'urgence est disponible.

Esta vulnerabilidad se encuentra en un componente central que reside en la mayoría de las implementaciones predeterminadas de la compañía y que puede explotarse de forma remota sin necesidad de nombre de usuario y contraseña.

The US government is urging SAP customers to patch a critical vulnerability published earlier this week, which could affect as many as 40,000 customers.

10 out of 10: Great in a test score, less good when it's for the severity of a flaw

SAP released updates for critical security vulnerability found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50.

The second Tuesday of each month is best known among security professionals as Patch Tuesday, the day Microsoft Corp. releases patches for security vulnerabilities across its products. This time it’s a party, as SAP SE, Adobe Systems Inc. and Google LLC all addressed security issues today as well.

Recently, SAP patched a critical flaw affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of the several products and solutions deployed in most SAP environments.

Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced that the Onapsis Research Labs and the SAP Security Response Team worked together to mitigate a serious vulnerability, named RECON (Remotely Exploitable Code On NetWeaver), which affects more than 40,000 SAP customers, with increased exposure for internet-facing systems.