The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on a Critical Vulnerability in SAP NetWeaver AS Java. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. SAP has released a security update to address a critical vulnerability, CVE-2020-6287.
CISA encourages users and administrators of SAP products to:
- Scan SAP systems for all known vulnerabilities, such as missing security patches, dangerous system configurations and vulnerabilities in SAP custom code.
- Apply missing security patches immediately and institutionalize security patching as part of a periodic process.
- Ensure secure configuration of your SAP landscape.
- Identify and analyze the security settings of SAP interfaces between systems and applications to understand risks posed by these trust relationships.
- Analyze systems for malicious or excessive user authorizations.
- Monitor systems for indicators of compromise resulting from the exploitation of vulnerabilities.
- Monitor systems for suspicious user behavior, including both privileged and non-privileged users.
- Apply threat intelligence on new vulnerabilities to improve the security posture against advanced targeted attacks.
- Define comprehensive security baselines for systems and continuously monitor for compliance violations and remediate detected deviations.
These recommendations apply to SAP systems in public, private, and hybrid cloud environments.