The Latest in IT Security

Critical flaw gives attackers control of vulnerable SAP business applications

14
Jul
2020
Critical flaw gives attackers control of vulnerable SAP business applications

image credit: pixabay

SAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker.

The flaw affects a variety of SAP business solutions, including SAP Enterprise Resource Planning (ERP), SAP Supply Chain Management (SCM), SAP HR Portal, and others.

About the vulnerability (CVE-2020-6287)

Discovered and reported by Onapsis researchers and dubbed RECON, CVE-2020-6287 is due to the lack of authentication in a web component (LM Configuration Wizard) of the SAP NetWeaver AS for Java versions 7.30 to 7.50. The vulnerability can be exploited through an HTTP interface – typically exposed to end users and often to the internet.

Read More

Comments are closed.

Categories

TUESDAY, SEPTEMBER 29, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments