Critical SAP Bug Allows Full Enterprise System Takeover
The Department of Homeland Security recently released an alert for a bug that allows attackers to eventually read and modify financial records, change banking details, read PII, administer purchases, disrupt operations, achieve command execution, and delete or modify files. The vulnerability holds the highest severity score and is found in SAP software. The bug has been disclosed to SAP customers, who use the company's software to manage financials, human resources, logistics, and other functions.
Researchers at Onapsis Research Labs, who uncovered the bug, named it RECON, which stands for Remotely Exploitable Code on NetWeaver. The vulnerability affects more than 40,000 SAP customers, according to Onapsis. SAP notably delivered a patch for the bug on Tuesday, and experts urge SAP customers to implement the update as soon as possible.