SAP has patched a critical vulnerability in the NetWeaver Application Server (AS) Java platform. The bug, dubbed RECON and tracked as, is rated with a maximum CVSS score of 10 out of 10 and potentially affects over 40,000 SAP customers. The vulnerability is present by default in SAP applications running on top of SAP NetWeaver AS Java 7.3 and newer. The US Cybersecurity and Infrastructure Security Agency (CISA) cautioned that the availability of the patches could make it easier for adversaries to reverse-engineer the flaw and target unpatched systems.
Source: https://thehackernews.com/2020/07/sap-netweaver-vulnerability.html