SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40 and 7.50, does not perform an authentication check. This allows an attacker without prior authentication to execute configuration tasks and perform critical actions against the SAP Java system, including creating an administrative user, thereby compromising the Confidentiality, Integrity and Availability of the system (Missing Authentication Check).
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in SAP NetWeaver AS Java. The vulnerability is due to a lack of authentication in the vulnerable component. A remote, unauthenticated attacker could exploit this vulnerability to create admin credentials. Successful exploitation results in the bypassing of authentication and allows the attacker to perform arbitrary actions with administrative privileges.
SAP NetWeaver AS Java 7.30 to 7.50
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the latest upgrade or patch from the vendor:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
CVE Information | Exploits or more Information |
---|---|
mitre | EXPLOIT DATABASE |
NVD | 0day.today |
vulmon.com | github |
CVE Details | |
JVN ENG JPN | |
Reconshell | |
List of frequently cited URLs
User | URL | Info Source | Date |
---|---|---|---|
malwrhunterteam | https://twitter.com/malwrhunterteam/status/1575210752528764... | Source malwrhunterteam 1575210752528764928 | 2022/09/29 |
CVEtrends | https://cvetrends.com | Source CVEtrends 1575470458610270212 | 2022/09/29 |
List of frequently cited URLs
URL | Num of Times Referred to |
---|---|
alerts.vulmon.com | 264 |
lists.astaro.com | 24 |
us-cert.cisa.gov | 7 |
www.jpcert.or.jp | 7 |
www.helpnetsecurity.com | 6 |
github.com | 5 |
ift.tt | 4 |
vicxer.com | 4 |
threatpost.com | 4 |
www.tenable.com | 4 |
twitter.com | 3 |
wiki.scn.sap.com | 3 |
thehackernews.com | 3 |
reportcybercrime.com | 3 |
ipssignatures.appspot.com | 3 |
Name | URL |
---|---|
chipik/SAP_RECON | https://github.com/chipik/SAP_RECON |
duc-nt/CVE-2020-6287-exploit | https://github.com/duc-nt/CVE-2020-6287-exploit |
Onapsis/CVE-2020-6287_RECON-scanner | https://github.com/Onapsis/CVE-2020-6287_RECON-scanner |
murataydemir/CVE-2020-6287 | https://github.com/murataydemir/CVE-2020-6287 |
ynsmroztas/CVE-2020-6287-Sap-Add-User | https://github.com/ynsmroztas/CVE-2020-6287-Sap-Add-User |