CVE-2020-6287 Scanner
Detects the 'Improper Access Control' vulnerability in SAP NetWeaver Application Server, which affects versions 7.30, 7.31, 7.40, and 7.50.
Short Info
Level: Critical
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 sec
Scan only one: URL
Parent Category
CVE-2020-6287 Scanner Detail
SAP NetWeaver Application Server (AS) JAVA is an integrated technology platform that supports the development and execution of Java-based applications in the SAP environment. It provides a range of services, including application server, portal, web services, and business process management.
However, this product is not without its vulnerabilities. The most recent one, CVE-2020-6287, is a missing authentication check vulnerability. This vulnerability allows an attacker without prior authentication to execute configuration tasks and perform critical actions against the SAP Java system. One of these actions is creating an administrative user, which can compromise the Confidentiality, Integrity, and Availability of the system.
When this vulnerability is exploited, it can lead to serious consequences for businesses. Since an attacker can create an administrative user, they have complete control over the SAP Java system. They can access confidential information, modify or delete data, and disrupt business operations, leading to financial loss and reputational damage.
Thanks to the pro features of the securityforeveryone.com platform, businesses and individuals can easily and quickly learn about vulnerabilities in their digital assets. By subscribing to the platform, users can receive real-time alerts about new vulnerabilities and detailed risk assessments of their digital assets. This proactive approach to cybersecurity is essential in today's world, where cyberattacks are becoming increasingly sophisticated and frequent.