Threat Encyclopedia

SAP.NetWeaver.LM.Configuration.Wizard.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass vulnerability in SAP NetWeaver AS Java.
The vulnerability is due to a lack of authentication in the vulnerable component. A remote, unauthenticated attacker could exploit this vulnerability to create admin credentials. Successful exploitation of this vulnerability result in the bypassing of authentication and allows the attacker to perform arbitrary actions with administrative privileges.

affected-products-logoAffected Products

SAP NetWeaver AS Java 7.30 to 7.50

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

CVE References

CVE-2020-6287