The bug (CVE-2020-6287) has been named RECON by the Onapsis Research Labs researchers that found it. Exploitation of the bug can allow an attacker to lift sensitive information, delete files, execute code, carry out sabotage and more. SAP delivered a patch for the issue on Tuesday as part of its July 2020 Security Note. The vulnerability is introduced due to the lack of authentication in a web component of the SAP NetWeaver AS for Java, allowing for several high-privileged activities on the SAP system.
Source: https://threatpost.com/critical-sap-bug-enterprise-system-takeover/157392/