Remote code execution (#RCE) is a type of security vulnerability in SAP that allows an attacker to remotely execute arbitrary code on a target system. In other words, an attacker exploits a flaw in the system software to gain access to a remote system and run commands or actions without authorisation.
SAP applications cover the full spectrum of business solutions - not just ERP systems, but also customer relationship management, supply chain management, data analytics, human resources management, and many other functions that support the daily operations of companies worldwide - and consequently store sensitive data. A remote code execution vulnerability in SAP can have serious consequences, such as data theft, disruption of system operation, or financial losses.
The known RECON vulnerability for SAP NetWeaver Java instances
In July 2020, security researchers identified a new vulnerability in SAP systems known as #RECON. This vulnerability affects SAP #NetWeaver Java instances and allows attackers to gain access to the system and perform unauthorised actions.
The RECON vulnerability results from the lack of proper authentication controls in the SAP NetWeaver Java User Management Engine (UME) module. This allows an attacker to bypass authentication and obtain administrative privileges in the system. Once access is gained, the attacker can perform various actions, such as stealing sensitive data, modifying or deleting key system files, or installing malicious software.
The RECON vulnerability received the maximum score on the #CVSS (Common Vulnerability Scoring System) scale - 10 out of 10, indicating that it is a critical vulnerability requiring immediate remediation.
Mitigating RCE and RECON vulnerabilities in SAP
SAP regularly releases security updates that address known vulnerabilities and enhance the security of its software, and applying the appropriate security patches as quickly as possible is essential to minimise the risk associated with RCE and RECON vulnerabilities in SAP.
Furthermore, it is essential to implement proper access controls and authentication mechanisms to limit unauthorised access to SAP systems. Organisations should also regularly conduct security assessments and penetration testing to identify and remediate any vulnerabilities in their SAP systems. SNOK offers such services and is able to secure all SAP instances against this type of attack.
The remote code execution (RCE) vulnerability in SAP, and the known RECON vulnerability for SAP NetWeaver Java instances, represent serious security threats that can have significant consequences for organisations. It is essential to take appropriate security measures to mitigate the risk associated with these vulnerabilities, including applying security patches and implementing access controls and authentication mechanisms. By taking preventive measures, organisations can minimise the impact of these vulnerabilities and ensure the security of their SAP systems.
The importance of using third-party products for SAP security patch management
Managing SAP security patches can be difficult and time-consuming, particularly for organisations with complex and diverse SAP landscapes. Implementing them requires careful planning and coordination to ensure system security without disrupting critical business operations. While SAP provides security updates to address known vulnerabilities, organisations can also benefit from third-party products. A product such as SecurityBridge Patch Management for SAP can help organisations streamline the patch management process and ensure that systems remain secure and compliant.
SecurityBridge Patch Management for SAP is a comprehensive solution that enables organisations to easily manage SAP security. This solution provides a centralised console for tracking patch status, malicious activity, and baseline violations across the entire SAP landscape, in both on-premise and hybrid cloud environments.
By using #SecurityBridge Patch Management for SAP, organisations can reduce the time and resources needed to manage SAP security patches, allowing them to focus on other key business tasks while improving their SAP security posture.
SNOK, as an authorised representative of SecurityBridge, offers the software described above. If you are interested, please contact us - we will present the details and arrange a demonstration of the solution.