Main › Blog › CYBERSECURITY NEWS V. 23.07 - Critical SAP Bug

CYBERSECURITY NEWS V. 23.07 – Critical SAP Bug

23 07

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts

Critical SAP Bug

A recently discovered SAP bug gain severity score 10 from 10. Its successful exploitation could lead to a full compromise of the enterprise internal systems. Attackers would be able to erase data and execute code. Vulnerability got CVE-2020-6287 and presented in every SAP system that runs SAP NetWeaver Java technology stack which does not perform an authentication check. Affected SAP NetWeaver AS JAVA versions include 7.30, 7.31, 7.40, 7.50. Overall the bug poses threat to almost 40000 SAP customers all over the globe.

hexway commentary:

Critical bugs in SAP are unusual occurrences, especially as critical bugs as this one. (This is all because there are not so many companies in the world that specialize in the SAP security systems).

The detected vulnerability is critical, easy to exploit, and could cause a lot of troubles. But there is good news, the vulnerability is easy to fix. So it’s recommended that all SAP systems owners do not delay the SAP notes installation (this is the so-called SAP patches). One of our researchers has developed a utility that will help you check whether your SAP system is vulnerable to vulnerabilities CVE-2020-6287, CVE-2020-6286 or not.

red team

Try Hive now

online demo

red team

Updates

See all

Hexway Pentest Suite Markdown code syntax highlights UI fixes new hotkeys

14 February 2024

0.62. New filters, new MD hotkeys, security patches and more

Hexway ASOC GitLab integration

5 February 2024

Hexway ASOC Update: In-depth GitLab integration

Hexway ASOC SBOM CycloneDx

New Hexway ASOC Update: SBOM files in CycloneDx format

20 November 2023

0.61.1. New reports, diagrams, project list & more

0.59.1. Internal task tracker, better checklists

15 September 2023

0.58.1. Right-to-Left text support, DOCX bookmarks, automated project creation

August 0.57. Project templates, password policy, HashiCorp support

June 0.55. GPT integration, MacOS support & Apiary localization

hexway cvss calculator

May 0.54. CVSS calculator & amazing improvements

April 0.53. Read-only Apiary rights, project search & Jira comments

March 0.51.2 version. Apiary project groups, CSV issue export & advanced Hive filters.

Hexway update. Cross-project Apiary dashboard, Apiary email notifications, Qualys integration, Issue pagination, New Apiary navigation, Blocked user groups for LDAP, Security updates

3 February 2023

February 0.49.3 version. Cross-project dashboard, email notifications, new integration & a lot more

29 December 2022

December Hexway 0.48.1 version. SLA, Acunetix & logo replace.

new hexway update — issue merge & new project feed

30 November 2022

November 0.47.2 version. Duplicated issue merging & updated project feed.

0.46 update image

31 October 2022

Spooky 0.46 version. Hive LDAP, checklist summary & new parsers!

Hive-Apiary-Jira cycle

12 September 2022

September 2022. 0.44 version. Jira reverse sync & mass issue actions

cats working on pentest

July 2022. 0.43 version. Custom issue statuses & status sync.

cat in public presentation

June 2022 Hive & Apiary update. 0.41 version. PPTX reporting & Vulnerability linking

April 2022 Hive & Apiary 0.39 version. Multi-Factor Authentication and Checklist Cards

checklists sync

Hexway Hive 0.37.1 version. Checklists and methodologies sync with Apiary

Hive 0.36 version. New report generator & custom issues

9 February 2022

Hive 0.35 version. Renovated checklists

рембокот 100 2

22 December 2021

Hive 0.33.1 version. Log4J & issue statuses

hexway cat with amass and nuclei

15 November 2021

Hive 0.30.1 version. Nuclei & Amass integrations

blog illustration user request features

22 September 2021

Hive 0.27 version. Labor dashboard & notifications

Hive 0.26.1 version. Scope diff, issues templates and advanced filters

banner

Hive 0.23 version. Advanced import, project dashboard, credential store and more!

cover

Hive API. The easiest way to integrate your tool with Hexway Hive

Group 821

Hive 0.20.1 version. New parser engine and Metasploit & Cobalt Strike integration

nessus update

Hexway Hive 0.13.1 version. Nessus integration

Screenshot 2021 03 11 at 16.24.12

Hexway Hive online demo version is out!

support@hexway.io

Copyright © 2024 Hexway.
All rights reserved

Workspaces

PTaaS platform

ASOC platform

Explore

Pricing

Downloads

Docs

Branded reports

Why PTaaS

Resources

Blog

Research

Privacy policy

Stay up to date