Home > Cyber News > CVE-2020-6287: RECON Vulnerability Used To Hack Into SAP Systems
CYBER NEWS

CVE-2020-6287: RECON Vulnerability Used To Hack Into SAP Systems

by   |  Last Update:  |  0 Comments  

A dangerous RECON bug is being used by computer hackers to breach into SAP systems. This vulnerability was patched by SAP in their latest security update, and is also tracked in the CVE-2020-6287 advisory. This new wave of intrusions is a typical hacker tactic which is often done against enterprise systems and networks.




RECON Vulnerability Tracked in CVE-2020-6287 Used Against SAP Systems

A dangerous security vulnerability has been detected in SAP systems, which is being abused by hacking groups. However, many of the already installed systems are still not patched and the hackers can continue to use this attack method.

The issue itself is tracked in the CVE-2020-6287 advisory which gives further insight on the type of intrusion. The weak spot was identified in the SAP NetWeaver Application which contains a Java component called the LM Configuration Wizard. This particular component allows criminals to exploit it. This component is integrated into some of the most popular SAP products and services including the following:

SAP S/4HANA, SAP SCM, SAP CRM, SAP CRM, SAP Enterprise Portal, and SAP Solution Manager (SolMan)

It is estimated that the number of affected companies that include this software include around 400,000 businesses. An independent security audit reveals that there are 2,500 SAP systems which are exposed to the Internet and are found to be vulnerable to the RECON bug.

This particular bug has also been rated with the maximum critical score — something that is very rare for bugs being used in such systems. This is explained by the relatively easy way to exploit the target systems — the attackers do not need to have any accounts on the systems or depend on a brute force attack.

It is expected that such vulnerabilities will continue to de used as many systems are still not patched. We urge all SAP system implementations to be updated with the latest fix as soon as possible.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2021-21477: Critical Vulnerability in SAP Commerce Platform A new critical vulnerability affecting the SAP Commerce platform was...
  2. Critical Vulnerabilities in SAP Business Client Products (CVE-2021-27602) “On 13th of April 2021, SAP Security Patch Day saw...
  3. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  4. Dangerous Vulnerabilities in SAP Mission-Critical Applications, Patch Now Hackers are currently exploiting several security vulnerabilities in popular mission-critical...
  5. Severe Vulnerabilities in SAP HANA Platform Could Allow Full Control SAP HANA platforms have been just found vulnerable, containing several...
  6. Stolen LiveAuctioneers Passwords Put On Sale By Hacker Computer security analysts have uncovered that computer hackers that have...
  7. Which Are The Most Secure Smartphones PRICE TOTAL SCORE OS VPN ENCRYPTION TRACK BLOCK FINGERPRINT 1...
  8. New Critical Bugs in Firefox, Chrome and Edge (CVE-2020-16044) Users should patch several new browser vulnerabilities affecting Chrome, Firefox,...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree