Two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released. The RECON vulnerability is tracked as CVE-2020-6287 and is rated with a maximum CVSS score of 10 out of 10. If exploited, it could allow unauthenticated, remote attackers to gain full access to the vulnerable systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) strongly recommended that all customers install the patches immediately.
Source: https://www.bleepingcomputer.com/news/security/poc-exploits-released-for-sap-recon-vulnerabilities-patch-now/