A critical vulnerability in SAP NetWeaver AS Java, named RECON, was identified by the Onapsis team and reported to the SAP Security Response Team. RECON (Remotely Exploitable Code On NetWeaver) allows unauthorized users to gain full access to the SAP system. The vulnerability (CVE-2020-6287) was rated CRITICAL, with the maximum score of 10 on the CVSS scale!
According to the authors, "The use of this vulnerability allows the attacker to create a new SAP user with full rights in the system, omitting authentication such as login and password. This makes it possible to bypass all the controls that mature enterprises implement to secure their systems (such as segregation of duties, access and identity management, or GRC tools). As a result, you can get full control over the SAP system."
It is initially estimated that the number of vulnerable systems is over 40,000 worldwide!