So kind of SAP NetWeaver to hand out admin accounts to anyone who can reach it. You’ll want to patch this
Dubbed RECON, aka Remotely Exploitable Code On NetWeaver, by its discoverers, security shop Onapsis, the bug in SAP’s NetWeaver AS JAVA (LM Configuration Wizard) allows a remote unathenticated hacker to take over a vulnerable NetWeaver-based system by creating admin accounts without any authorization. The bug, CVE-2020-6287, is a lack of proper authentication in NetWeaver. This Read more about So kind of SAP NetWeaver to hand out admin accounts to anyone who can reach it. You’ll want to patch this[…]