SAP Vulnerability RECON – Onapsis remediates with SAP – Free Webinar

Posted by Martin Brownsword on 19/08/2020 11:08

If you keep up to date on SAP security, you will no doubt have heard over the last few weeks about a critical vulnerability found in an SAP component included in many SAP applications. The vulnerability has even acquired a trendy name RECON, which stands for (Remotely Exploitable Code On NetWeaver). As you have probably deduced, this vulnerability resides inside SAP NetWeaver, in fact, SAP NetWeaver Java versions from 7.30 to 7.50 (or the latest version). As you already know, SAP NetWeaver is the base layer for numerous SAP products and solutions, meaning that a broad range of products could be impacted. These include, but are not limited to:

  • SAP Enterprise Resource Planning (ERP)
  • SAP Supply Chain Management (SCM)
  • SAP CRM (Java Stack)
  • SAP Enterprise Portal
  • SAP HR Portal
  • SAP Solution Manager (SolMan) 7.2
  • SAP Landscape Management (SAP LaMa)
  • SAP Process Integration/Orchestration (SAP PI/PO)
  • SAP Supplier Relationship Management (SRM)
  • SAP NetWeaver Mobile Infrastructure (MI)
  • SAP NetWeaver Development Infrastructure (NWDI)
  • SAP NetWeaver Composition Environment (CE) 

Since SAP Solution Manager (SolMan) is affected and deployed in almost every SAP environment, it is a safe assumption that almost every SAP customer running the Business Suite and S/4HANA has at least one system affected by this vulnerability. This vulnerability can be exploited by remote, unauthenticated attackers and systems exposed to untrusted networks such as the internet could be opportunistically targeted by attackers.

Fortunately, our new partner, Onapsis, identified this vulnerability in May this year and together with SAP, they have worked on developing a remediation in the form of a SAP Security note, which was released a few weeks ago. On September 25th, Onapsis will be holding a webinar together with SBN in which you can learn:

  • Details of the RECON vulnerability
  • The business impact
  • Why patching SAP is so important
  • Recommendations for keeping SAP protected
  • How to protect your SAP system from future threats

I would highly recommend that all members and partners who are interested in how we should be keeping SAP systems secure and in compliance attend this free webinar.

Please use the following link to register:

For more information on RECON and Onapsis please use the following link to the Onapsis website: 

More news in the same category

Tags: it, hana, projects, onapsis