RECON bug lets hackers create admin accounts on SAP servers

Business giant SAP released a patch today for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis, who discovered the vulnerability earlier this year, in May, and reported it to SAP to have it patched.

Onapsis says RECON allows malicious threat actors to create an SAP user account with maximum privileges on SAP applications exposed on the internet, granting attackers full control over the hacked companies’ SAP resources.

Read more…
Source: ZDNet