"Critical SAP Bug Allows Full Enterprise System Takeover"

SAP has disclosed to its customers a critical vulnerability that has scored a severity score of 10 out of 10 on the CvSS bug-severity scale.  SAP has a widely deployed collection of enterprise resource planning (ERP) software, which clients use to manage their financials, logistics, customer-facing organizations, human resources, and other business areas. The bug has been named RECON, and it affects more than 40,000 SAP customers.  Successful exploitation of the bug would allow for attacks to read and modify financial records; change banking details; read personal identifiable information (PII); administer purchasing processes; sabotage or disrupt operations; achieve operating system command execution; and delete or modify traces, logs, and other files.  SAP has delivered a patch for the issue on Tuesday as part of its July 2020 Security Note.

Threatpost reports: "Critical SAP Bug Allows Full Enterprise System Takeover"