
RECON bug lets hackers create admin accounts on SAP servers

July 14, 2020

Business giant SAP released a patch today for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis, which discovered the vulnerability earlier this year, in May, and reported it to SAP to have it patched.

Onapsis says RECON allows malicious threat actors to create an SAP user account with maximum privileges on SAP applications exposed on the internet, granting attackers full control over the hacked companies’ SAP resources.

Bug impacts many major SAP apps

The vulnerability is easy to exploit and resides in a default component included in every SAP application running the SAP NetWeaver Java technology stack: the LM Configuration Wizard, part of the SAP NetWeaver Application Server (AS).

The component is used in some of SAP’s most popular products, including SAP S/4HANA, SAP SCM, SAP CRM, SAP Enterprise Portal, and SAP Solution Manager (SolMan).

Other SAP applications running the SAP NetWeaver Java technology stack are also impacted. Onapsis estimates the number of affected companies at around 40,000 SAP customers; however, not all of them expose the vulnerable application directly on the internet.

Onapsis says a scan they carried out discovered around 2,500 SAP systems directly exposed to the internet that are currently vulnerable to the RECON bug.

A “severity 10” bug

The urgency around applying this patch is warranted. Onapsis said the RECON bug is one of those rare vulnerabilities that received a maximum 10 out of 10 rating on the CVSSv3 vulnerability severity scale.

The 10 score means the bug is easy to exploit, as it doesn’t involve technical knowledge; can be automated for remote attacks over the internet; and doesn’t require the attacker to already have an account on an SAP app or valid credentials.

Coincidentally, this is the third major CVSS 10/10 bug disclosed in the last few weeks. Similar critical bugs were also disclosed in PAN-OS (the operating system for Palo Alto Networks firewalls and VPN devices) and in F5’s BIG-IP traffic shaping server (one of the most popular networking devices today).

Furthermore, it’s also been a rough patch for the enterprise sector, with similarly bad vulnerabilities disclosed in Oracle, Citrix, and Juniper devices, all of them bugs with high severity ratings that are easy to exploit.

Many of these vulnerabilities have already come under fire and are being exploited by hackers, such as the PAN-OS, F5, and Citrix bugs.

Administrators of SAP systems are advised to apply SAP’s patches as soon as possible, as Onapsis warned that the bug could let hackers take full control of a company’s SAP applications and then steal proprietary technology and user data from internal systems.

SAP patches will be listed and available on the company’s security portal in the next few hours.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) has also issued a security alert today urging companies to deploy the patches as soon as possible.

RECON is also tracked as CVE-2020-6287.

Credit: Zdnet
