SAP NetWeaver RECON CVE-2020-6287 - Vulnerability Database

SAP NetWeaver RECON CVE-2020-6287

Description

SAP NetWeaver AS JAVA (LM Configuration Wizard) does not perform an authentication check which allows an attacker to execute configuration tasks to perform critical actions against the SAP Java system.

Remediation

Install SAP security patches #2934135, #2939665.

References

SAP RECON PoC from chipik

SAP Security Patch Day – July 2020

Related Vulnerabilities

Severity

High

Classification

CVE-2020-6287

CWE-287

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A