Homeland Security Today

Critical Vulnerability in SAP NetWeaver AS Java

On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An ...
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
Bleeping Computer

SAP updates security note for critical RECON vulnerability

SAP today released its security patches for August, alerting of new critical and high-severity vulnerabilities in several of its products, mostly NetWeaver Application Server (AS). The full list ...
heise online

SAP Patchday: Another critical security vulnerability in Netweaver

SAP has published 14 security releases for the June patchday. In these, the company's developers address security vulnerabilities in various products, some of which are critical. IT managers should ...
Computer Weekly

Recon vulnerability puts thousands of SAP customers at risk

SAP has released a critical security update to address a serious vulnerability in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, which is thought to affect at least ...
ZDNet

SAP issues advisory on the exploit of old vulnerabilities to target enterprise applications

On Tuesday, SAP and Onapsis jointly released a report on the activities, in which security flaws with CVSS severity scores of up to 10, the highest possible, are being weaponized. SAP applications are ...