Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in SAP NetWeaver Application Server Java (CVE-2020-6287)
Alerts

Critical Vulnerability in SAP NetWeaver Application Server Java (CVE-2020-6287)

14 July 2020

SAP has released a security update to address a critical vulnerability (CVE-2020-6287) affecting the SAP NetWeaver Application Server Java component Labour Management (LM) Configuration Wizard.

Successful exploitation of the vulnerability could allow an attacker to obtain unrestricted access to SAP systems, modify and extract sensitive information, and perform application maintenance activities such as shutting down federated SAP applications. 

The vulnerability is present by default in SAP applications running on top of SAP NetWeaver Application Server Java 7.3 and newer versions up to 7.5. 

Administrators of the affected applications are advised to install the latest security update immediately. Administrators who are unable to install the update immediately are advised to disable the LM Configuration Wizard Service to mitigate the vulnerability.

More information is available here:

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

https://www.us-cert.cisa.gov/ncas/alerts/aa20-195a

Back to top