SAP RECON Flaw: Albatross Around the Neck

A critical flaw, with a CVSS score of 10, has been disclosed for SAP users.

The scoop

SAP has patched a critical vulnerability in the LM Configuration Wizard component of SAP NetWeaver AS JAVA, affecting versions 7.30 to 7.50. Dubbed RECON (Remotely Exploitable Code On NetWeaver), the vulnerability carries the maximum CVSS score of 10 and can be exploited remotely, without authentication, to compromise unpatched SAP systems.

Impact of unauthenticated exploit

  • A new SAP user can be created with maximum privileges.
  • This allows attackers to bypass all access and authorization controls and gain complete control of the SAP system.
  • Malicious activities, such as modifying financial records, viewing PII, and corrupting data, can then be carried out with ease.
  • With this unrestricted access, threat actors can undermine an organization's financial (Sarbanes-Oxley) and privacy (GDPR) compliance.

What you should know about the flaw

  • This security flaw could potentially impact around 40,000 customers.
  • At least 2,500 vulnerable SAP systems are directly exposed to the Internet, with 33% in North America, 29% in Europe, and 27% in Asia-Pacific.
  • SAP applications vulnerable to the bug include SAP Solution Manager and SAP Enterprise Portal. Other affected tools include SAP Process Integration Module and SAP Landscape Management.

The takeaway

Vulnerabilities such as RECON are uncommon, but when they occur their impact on businesses is enormous. As stated above, unauthorized access at this level can lead to dire consequences. SAP users are therefore advised to apply the patch and follow SAP's recommended measures to stay safe.