Critical SAP RECON Vulnerability: Who Is At Risk & How to Protect Your Business

Protecting SAP from the Latest RECON Vulnerability 

SAP’s July Security Notes include a fix for a critical vulnerability – CVSS score of 10 out of 10 – named RECON. Successfully exploiting RECON could give an unauthenticated attacker full access to the affected SAP system, including the ability to modify financial records, view personal identifiable information (PII), corrupt data, delete or modify logs and traces, and other actions that put essential business operations and regulatory compliance at risk.

The Onapsis Research Labs first identified this vulnerability in May 2020 and has worked closely with the SAP Security Response Team on a mitigation strategy. More than 40,000 SAP customers may be vulnerable to RECON, with upwards of 2,500 Internet-facing systems facing even greater risk.