23 July 2020

CYBERSECURITY NEWS V. 23.07 – Critical SAP Bug

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts

Critical SAP Bug

A recently discovered SAP bug gain severity score 10 from 10. Its successful exploitation could lead to a full compromise of the enterprise internal systems. Attackers would be able to erase data and execute code. Vulnerability got CVE-2020-6287 and presented in every SAP system that runs SAP NetWeaver Java technology stack which does not perform an authentication check. Affected SAP NetWeaver AS JAVA versions include 7.30, 7.31, 7.40, 7.50. Overall the bug poses threat to almost 40000 SAP customers all over the globe.

hexway commentary:

Critical bugs in SAP are unusual occurrences, especially as critical bugs as this one. (This is all because there are not so many companies in the world that specialize in the SAP security systems).

The detected vulnerability is critical, easy to exploit, and could cause a lot of troubles. But there is good news, the vulnerability is easy to fix. So it’s recommended that all SAP systems owners do not delay the SAP notes installation (this is the so-called SAP patches). One of our researchers has developed a utility that will help you check whether your SAP system is vulnerable to vulnerabilities CVE-2020-6287, CVE-2020-6286 or not.

Try Hexway online

Related posts

Blog

See all

27 December 2021

It’s 2022 on the way

Firstly, we want to say thank you for your feedback and how it has shaped the Hexway platform this year. Do you remember our first Hive release? It was January 2021. And now, 30 versions later, we'd like to thank ...

22 December 2021

NEW UPDATE. HIVE. VERSION 0.33.1

A vulnerability was found aaaand fixed, don't worry! What's in this update? Log4j vulnerability fix Draft & Ready issue statuses Bugfix we hope will make your life better! Log4j vulnerability fix You've definitely heard about this whole Log4j vulnerability situation. ...

6 December 2021

CYBERSECURITY NEWS V. November – Apple vs NSO Group, 45M VPN users’ data leakage, Panasonic Data Breach

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple vs NSO Group Apple sues NSO Group over the Pegasus spyware. Apple asks the court to ban the ...

15 November 2021

CYBERSECURITY NEWS V. October – Global crash of Facebook, Leaked Twitch source code, Acer hacked

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Global crash of Facebook, Instagram, and WhatsApp On October 4, at about 11:44 EDT, Facebook, Instagram and WhatsApp went ...

nuclei and amass friends w/ Hexway

15 November 2021

NEW UPDATE. HIVE. VERSION 0.30.1

Hey, hexwayers! We are happy to have all of you here. So, let's take a short tour around our new update. We’ve added Nuclei and Amass scanners integration. Yay! What’s in this update? Nuclei scanner export Amass scanner export Interface ...

11 October 2021

CYBERSECURITY NEWS V. September – BrakTooth vulnerabilities, 500k Fortinet VPN accounts leak, JVC Kenwood hacked

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple Pay with Visa card allows paying with locked iPhones Researchers discovered a way to make fraudulent payments using ...

22 September 2021

NEW UPDATE. HIVE. VERSION 0.27.0

Hey Hexwayers & our guests! A new day brings you a new release. What’s in it for you today? Cross-project pentesters labor dashboard Notification system update Utility name import via API Bugfix & other small upgrades Let’s have a closer ...

7 September 2021

CYBERSECURITY NEWS V. August – T-Mobile hack, Largest DDoS attack, ProxyShell vulnerabilities

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI T-Mobile hack In mid-August, an announcement about the sale of personal data of about 100 million T-Mobile customers appeared ...

locker and keyboard

Cyber Security Attacks: Concept, Types, How to Protect

What is a Cyber Threat? Today our whole life is inextricably linked with the Internet and computers: entertainment, communication, travel, medicine, shopping, and so on. All critical infrastructure, like power plants, hospitals, banking organizations, is connected to the Internet. That ...

CYBERSECURITY NEWS V. July – PrintNightmare update, Sequoia vulnerability, Saudi Aramco information leak

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple fixed 'actively exploited' 0-day Apple has released a patch for a zero-day vulnerability in iOS and macOS exploited ...

Hive update cats

NEW UPDATE. HIVE. VERSION 0.26.1

It’s Hive team on the line. We are happy to announce our new updates: Scope diff Issues templates import/export Advanced project filters by date Bugfix Scope diff Hive is a useful tool ...

CYBERSECURITY NEWS V. June – Codecov supply chain attack, Colonial Pipeline returned most of ransom paid to hackers

hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI ChaChi is the new GoLang Trojan The team of BlackBerry Threat Research and Intelligence has discovered a new malware ...

Copyright © 2021 Hexway.
All rights reserved

Workspaces

Hive

Apiary

Roadmap

Explore

Pricing

Downloads

Docs

Resources

Blog

Research

Privacy policy

Stay up to date