Press Release

Onapsis Releases the Free SAP RECON Vulnerability Scanning Tool to Quickly Detect Potentially Vulnerable and Exposed SAP Applications

New free service and open source tool quickly determines potential indicators of compromise and vulnerable systems, helping all SAP customers to mitigate risk and protect mission-critical applications

BOSTON – July 22, 2020 - Onapsis, the leader in mission-critical application cybersecurity and compliance, today announced the release of INSTANT RECON, a free online service and downloadable open source scanning tool to quickly help organizations assess if their SAP applications are exposed and detect suspicious activity related to exploitation of the RECON vulnerability (CVE-2020-6287). The INSTANT RECON service is available for immediate use online or for download as an open source tool from the company’s GitHub repository to scan SAP systems and logs for potential indicators of compromise (IoC) and assess if systems may be vulnerable.

On July 14, 2020, Onapsis announced that the Onapsis Research Labs and the SAP Security Response Team worked together to mitigate a serious vulnerability, named RECON, which affects more than 40,000 SAP customers, with increased exposure for internet-facing systems. In conjunction, SAP released an official patch (SAP HotNews patch #2934135) and the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) issued Activity Alert AA20-195A. The RECON vulnerability is classified as critical in severity with a CVSS score of 10 out of 10. A successful exploit could allow an authenticated attacker to gain remote access to any vulnerable SAP system impacting the confidentiality, integrity and availability of mission-critical SAP applications, including SAP ERP, SAP SCM, SAP CRM, SAP PI, SAP Enterprise Portal, SAP Solution Manager and many more.

“In just a matter of days since the release of the RECON patch, we have seen an unprecedented volume of threat activity and speed of weaponization targeting RECON,” said Mariano Nunez, CEO of Onapsis. “This includes mass scanning for vulnerable internet-exposed SAP systems, the release of proof-of-concept and functional exploit code and individuals selling private RECON exploits on the dark web. This increasing activity is putting thousands of organizations and their most mission-critical applications at immediate risk. While The Onapsis Platform customers are already protected, this threat activity compelled the Onapsis research and development team to work around the clock and develop this open source tool to enable all SAP organizations to quickly understand their risk posture and evaluate if they may have been compromised, so they can take the appropriate remediation actions.” 

The Onapsis INSTANT RECON free service and open source tool allows SAP customers to scan systems online by analyzing SAP logs and checking internet-facing systems for the RECON vulnerability. It also provides the option to run the tool locally for scanning all SAP systems across their internal networks. Besides applying the official SAP patches, Onapsis strongly recommends that all SAP customers run this service or tool immediately to determine the potential threat exposure and vulnerable systems that must be secured, in order to keep SAP systems and business processes protected and in compliance with important regulatory mandates.

Free access to or download of the INSTANT RECON service and tool here:

Additional Onapsis Cybersecurity and Compliance Solutions and Services for SAP

In addition to the RECON vulnerability, the Onapsis cybersecurity and compliance solution for SAP, The Onapsis Platform, provides automated assessments of SAP systems for hundreds of critical vulnerabilities and misconfigurations and continuously monitors for internal and external threats. To check for additional SAP vulnerabilities, organizations can request a complimentary Cyber Risk Assessment from Onapsis today.

About Onapsis

Onapsis protects the mission-critical applications that run the global economy. The Onapsis Platform uniquely delivers actionable insight, secure change, automated governance and continuous monitoring for critical systems – ERP, CRM, PLM, HCM, SCM and BI applications – from well-known vendors such as SAP, Oracle and leading cloud applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina. We proudly serve more than 300 of the world’s leading brands, including 20% of the Fortune 100, 6 of the top 10 automotive companies, 5 of the top 10 chemical companies, 4 of the top 10 technology companies and 3 of the top 10 oil and gas companies.

The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 800 zero-day vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon, making Onapsis solutions the de facto standard in helping organizations protect their cloud, hybrid and on-premise mission-critical information and processes.

For more information, connect with us on Twitter or LinkedIn, or visit us at https://www.onapsis.com.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis Inc. All other company or product names may be the registered trademarks of their respective owners.