SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40 and 7.50, does not perform an authentication check. This Missing Authentication Check allows an attacker without prior authentication to execute configuration tasks that perform critical actions against the SAP Java system, including creating an administrative user, thereby compromising the Confidentiality, Integrity and Availability of the system.
Vulnerable Product |
---|
sap netweaver application server java 7.30 |
sap netweaver application server java 7.31 |
sap netweaver application server java 7.40 |
sap netweaver application server java 7.50 |
So please don't delay in applying updates, says, well, everyone
SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems. In a joint report issued by the two organizations, Mariano Nunez, CEO of Onapsis, cited "conclusive evidence that cyberattackers are actively targeting and exploiting unsecured SAP applications," and warned time was of the essence, reporting "SAP vulnerabilities being weaponized in less than 72 hours since the release of p...
10 out of 10: Great in a test score, less good when it's for the severity of a flaw
SAP customers should update their installations to close a security vulnerability that can be exploited to commandeer the software by anyone who can reach it. Dubbed RECON, aka Remotely Exploitable Code On NetWeaver, by its discoverers, security shop Onapsis, the bug in SAP's NetWeaver AS JAVA (LM Configuration Wizard) allows a remote unauthenticated hacker to take over a vulnerable NetWeaver-based system by creating admin accounts without any authorization. The bug, CVE-2020-6287, is a lack of p...