Recon: Vulnerability gives attackers administrator rights on SAP servers

Attackers may be able to create an SAP administrator account, which gives them complete control over unpatched SAP applications. A large number of SAP products, including S/4HANA, SCM, CRM and Enterprise Portal, are affected.

SAP has released a security update that closes a critical vulnerability in its software. The vulnerability, known as Recon, was discovered in May by the cloud security company Onapsis and reported to the Walldorf-based software vendor. Attackers may be able to create an SAP user account with full rights on SAP applications that are reachable over the Internet, which would give them complete control over a company's SAP resources.

All SAP applications based on SAP NetWeaver Java are affected. The actual flaw lies in the LM Configuration Wizard component of the SAP NetWeaver Application Server (AS) Java.

This component is used in many SAP products, including SAP S/4HANA, SAP SCM, SAP CRM, SAP Enterprise Portal and SAP Solution Manager (SolMan). Other SAP applications that run on the NetWeaver Java technology stack can also be attacked. Onapsis estimates that systems at around 40,000 SAP customers are affected.

The security vendor stresses that not all customers have configured these applications to be reachable over the Internet. In its own scans, Onapsis found around 2,500 SAP systems that meet this criterion and are susceptible to the Recon bug.

SAP customers should install the patch as soon as possible. According to Onapsis, Recon is one of the few vulnerabilities to receive the maximum score of 10.0 on the Common Vulnerability Scoring System (CVSS), whose scale runs from 0 to 10. Such a score reflects a flaw that is reachable over the network, requires no valid credentials and no user interaction, and can be exploited with little effort, which makes it well suited to automated attacks.

The patches are available from SAP via the v. Unpatched systems allow attackers to steal confidential data, including information about proprietary technologies. The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has also warned of the risks posed by the vulnerability.

Similarly serious bugs have recently been found in Palo Alto Networks and F5 products. Oracle, Citrix and Juniper have also recently fixed vulnerabilities with high severity ratings.
