CYBERSECURITY NEWS V. 23.07 – Critical SAP Bug

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts

Critical SAP Bug 

A recently discovered SAP bug gain severity score 10 from 10. Its successful exploitation could lead to a full compromise of the enterprise internal systems. Attackers would be able to erase data and execute code. Vulnerability got CVE-2020-6287 and presented in every SAP system that runs SAP NetWeaver Java technology stack which does not perform an authentication check. Affected SAP NetWeaver AS JAVA versions include 7.30, 7.31, 7.40, 7.50. Overall the bug poses threat to almost 40000 SAP customers all over the globe.

hexway commentary:

Critical bugs in SAP are unusual occurrences, especially as critical bugs as this one. (This is all because there are not so many companies in the world that specialize in the SAP security systems).

The detected vulnerability is critical, easy to exploit, and could cause a lot of troubles. But there is good news, the vulnerability is easy to fix. So it’s recommended that all SAP systems owners do not delay the SAP notes installation (this is the so-called SAP patches). One of our researchers has developed a utility that will help you check whether your SAP system is vulnerable to vulnerabilities CVE-2020-6287, CVE-2020-6286 or not.