AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java

CERT-LatestNews ThreatsCybercrime ThreatsEconomic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesNetwork VulnerabilitiesOS
On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287 , affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.