An unauthenticated attacker can gain unrestricted access to SAP systems by creating users and executing operating system commands.
Stay on top of the latest media coverage, and company and product announcements from the leader in business-critical application security and compliance solutions.

Critical SAP Recon vulnerability exposes thousands of system to full take over
IT giant SAP addressed a critical flaw, tracked as CVE-2020-6287 and dubbed RECON, that could allow attackers to take over corporate servers.

SAP Recon critical vulnerability, affected over 40,000 customers
SAP has fixed a critical vulnerability affecting more than 40,000 customers, found in versions of SAP NetWeaver AS JAVA (LM Configuration Wizard), a key component of numerous solutions and products deployed in most SAP environments.

Recon: Vulnerability gives hackers administrator rights for SAP servers
Attackers may be able to set up an SAP administrator account. This gives them full control over unpatched SAP applications. A wide range of SAP products are affected, including S/4 HANA, SCM, CRM and Enterprise Portal.

Critical Vulnerability Hits SAP Enterprise Applications
RECON could allow an unauthenticated attacker to take control of SAP enterprise applications through the web interface.

RECON Bug: Hackers Can Now Create Admin Accounts on SAP Servers
The technological world faces the grave danger of the RECON bug which easily exposes different firms to the hacking world.

Critical SAP Vulnerability Could Lead to Corporate Network Takeover
SAP has released the July 2020 Patch, fixing 15 vulnerabilities, with two of them being highly critical (CVSS 10). These could lead to corporate server network takeover.

SAP patches critical NetWeaver flaw that could compromise thousands of customers
An unauthenticated attacker could create an admin account with maximum privileges, researchers claim.

SAP patches critical flaw that lets hackers seize control of servers
The rare 10/10 vulnerability on the CVSS scale affects a host of apps including ERP and CRM platforms

Horror SAP Bug (CVSS: 10) Gives Unauthenticated Attacker Admin Privileges
An unauthenticated attacker (no username or password required) can create a new SAP user with maximum privileges