Rewterz Threat Alert – Latest Nanocore RAT- IOCs
July 13, 2020Rewterz Threat Alert – Latest Emotet IOCs
July 14, 2020Rewterz Threat Alert – Latest Nanocore RAT- IOCs
July 13, 2020Rewterz Threat Alert – Latest Emotet IOCs
July 14, 2020Severity
High
Analysis Summary
The vulnerability is introduced due to the lack of authentication in a web component of the SAP NetWeaver AS for Java allowing for several high-privileged activities on the SAP system. If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account (adm), which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications. The confidentiality, integrity, and availability of the data and processes hosted by the SAP application are at risk by this vulnerability.
Impact
- Exposure of sensitive data
- Unrestricted access
- Execution of arbitrary commands
Affected Vendors
SAP
Affected Products
SAP NetWeaver AS JAVA
Remediation
Refer to SAP advisory for the complete list of affected products and it’s respective patches.