Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2020-6287

Published: 14/07/2020 Updated: 28/04/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 893
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Netweaver Application Server Java

Vulnerability Summary

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap netweaver application server java 7.30

sap netweaver application server java 7.31

sap netweaver application server java 7.40

sap netweaver application server java 7.50

Github Repositories

https://github.com/chipik/SAP_RECON

PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)

PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability) Pffff! RECON (Remotely Exploitable Code On NetWeaver)? Guys, really? That was the best codename you came up with? :) This scrip allows to check SAP LM Configuration Wizard missing authorization check vulnerability and as a PoC script exploits directory traversal in queryProtocol method Directory traversal allows to

https://github.com/Onapsis/CVE-2020-6287_RECON-scanner

Vulnerability Assessment and Indicator of Compromise (IoC) Scanner for CVE-2020-6287 (RECON) RECON (Remotely Exploitable Code On NetWeaver) is a critical (CVSSv3 10) vulnerability affecting a number of SAP business and technical applications running on top of the SAP NetWeaver Java stack This vulnerability was discovered by the Onapsis Research Labs, which collaborated closely

https://github.com/duc-nt/CVE-2020-6287-exploit

PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasploit-framework/pull/13852/commits/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more admi…

CVE-2020-6287-exploit PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set Inspired by @zeroSteiner from metasploit Original Metasploit PR module: githubcom/rapid7/metasploit-framework/pull/13852/commits/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthenticated permission and no more administrator pe

https://github.com/pondoksiber/SAP-Pentest-Cheatsheet

SAP penetration testing Web and network cheatsheet

SAP-Pentest-Cheatsheet Bismillah For conducting the Pentest you should deploy SAP System on your Network SAP Web Interface Vulnerability Open Redirection Check HOST/sap/public/bc/icf/logoff?redirecturl=MALICIOUSURL Unsecured Protocol (HTTP) Check HOST:PORT/startPage HOST:PORT/sap/public/info System Informational Misconfiguration Check HOST:POR

https://github.com/qmakake/SAP_CVE-2020-6287_find_mandate

Checker help to verify created account or find it's mandat

SAP_CVE-2020-6287_find_mandate Checker help to verify created account or find it's mandat The script allows you to check whether the account was created when using the exploit RECONpy or find the mandate of the created account Exploit: githubcom/chipik/SAP_RECON Quick start: chmod +x /checker_CVE-2020-6287sh <start mndt> <stop mndt>

https://github.com/ynsmroztas/CVE-2020-6287-Sap-Add-User

sap netweaver portal add user administrator

CVE-2020-6287-Sap-Add-User sap netweaver portal add user administrator

https://github.com/murataydemir/CVE-2020-6287

[CVE-2020-6287] SAP NetWeaver AS JAVA (LM Configuration Wizard) Authentication Bypass (Create Simple & Administrator Java User)

[CVE-2020-6287] SAP NetWeaver AS JAVA (LM Configuration Wizard) Authentication Bypass (Create Simple & Administrator Java User) SAP NetWeaver is SAP’s integrated technology platform and the technical foundation of all SAP applications since SAP Business Suite SAP NetWeaver is a service-oriented application and integration platform that provides a development and

https://github.com/AirbusProtectOffensiveSecurity/SAP_StarterKit

Starter kit for SAP pentesting

SAP Comptes sapcom Deux types de comptes sapcom : P-User : Utilisateur public, qui peut participer à la communauté en ligne mais n'a pas accès à toutes les ressources S-User : Compte des servives utilisé par les clients et les partenaires SAP Permet notamment de télécharger des softs SAP comme le NW RFC SDK Ce type d

https://github.com/Mondirkb/My-nuclei-repo1

Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests and grow the list Template Directory ├── LICENSE ├── READMEmd ├── basic-dete

Recent Articles

SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers
The Register • Thomas Claburn in San Francisco • 06 Apr 2021

So please don't delay in applying updates, says, well, everyone Beware the IDEs of March: Microsoft's latest monthly fixes land after frantic Exchange Server updates

SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems. In a joint report issued by the two organizations, Mariano Nunez, CEO of Onapsis, cited "conclusive evidence that cyberattackers are actively targeting and exploiting unsecured SAP applications," and warned time was of the essence, reporting "SAP vulnerabilities being weaponized in less than 72 hours since the release of p...

Read more...
So kind of SAP NetWeaver to hand out admin accounts to anyone who can reach it. You'll want to patch this
The Register • Shaun Nichols in San Francisco • 14 Jul 2020

10 out of 10: Great in a test score, less good when it's for the severity of a flaw SAP rolls out early Q2 numbers, says 18% decline in licensing revenue is an 'improvement'

SAP customers should update their installations to close a security vulnerability that can be exploited to commandeer the software by anyone who can reach it. Dubbed RECON, aka Remotely Exploitable Code On NetWeaver, by its discoverers, security shop Onapsis, the bug in SAP's NetWeaver AS JAVA (LM Configuration Wizard) allows a remote unathenticated hacker to take over a vulnerable NetWeaver-based system by creating admin accounts without any authorization. The bug, CVE-2020-6287, is a lack of p...

Read more...

References

CWE-306https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675https://launchpad.support.sap.com/#/notes/2934135https://www.onapsis.com/recon-sap-cyber-security-vulnerabilityhttp://seclists.org/fulldisclosure/2021/Apr/6http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.htmlhttps://nvd.nist.govhttps://github.com/chipik/SAP_RECONhttps://www.theregister.co.uk/2020/07/14/sap_recon_bug/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook