Critical Vulnerability in SAP NetWeaver Application Server Java

Alert ID: JMCIRT-AL-2020.003
Alert Date: Tuesday, July 14, 2020
Threat Level: High

Original release date: July 13, 2020

The Jamaica Cyber Incident Response Team (JaCIRT) is aware of a critical vulnerability affecting the LM Configuration Wizard component of SAP NetWeaver Application Server Java. An unauthenticated attacker can exploit this vulnerability over the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.
Overview
This vulnerability exists in SAP applications running on top of SAP NetWeaver AS Java 7.3 up to 7.5. If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems by creating high-privileged users and executing arbitrary operating system commands with the privileges of the SAP service user account, and can perform application maintenance activities such as shutting down federated SAP applications. The confidentiality, integrity, and availability of the data and processes hosted by the SAP application are put at risk by this vulnerability.

Recommendations

  • Review the SAP Security Note and apply the critical patches.
  • Scan SAP systems for all known vulnerabilities, such as missing security patches, dangerous system configurations, and vulnerabilities in SAP custom code.
  • Apply missing security patches immediately and institutionalise security patching as part of a periodic process.
  • Ensure secure configuration of your SAP landscape.
  • Identify and analyse the security settings of SAP interfaces between systems and applications to understand the risks posed by these trust relationships.
  • Analyse systems for malicious or excessive user authorisations.
  • Monitor systems for indicators of compromise resulting from the exploitation of vulnerabilities.
  • Monitor systems for suspicious user behaviour, including both privileged and non-privileged users.
  • Apply threat intelligence on new vulnerabilities to improve the security posture against advanced targeted attacks.
  • Define comprehensive security baselines for systems, continuously monitor for compliance violations, and remediate detected deviations.

References

  1. https://us-cert.cisa.gov/
  2. https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
  3. https://www.onapsis.com/recon-sap-cyber-security-vulnerability
  4. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287