CVE-2020-6287
CRITICAL | KEV | NUCLEI
SAP NetWeaver AS JAVA - Missing Authentication Check
Title source: llm
Exploitation Summary
CVE-2020-6287 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
EIP tracks 8 public exploits from researchers including chipik, duc-nt, and Onapsis, among them the Metasploit module `auxiliary/admin/sap/cve_2020_6287_ws_add_user`.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a functional Python script that exploits CVE-2020-6287 (SAP RECON vulnerability), which involves a missing authorization check in SAP LM Configuration Wizard and a directory traversal in the `queryProtocol` method. The script can check for vulnerability, download arbitrary ZIP files, and create SAP JAVA users with varying privileges.
Description
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
Exploits (8)
This repository contains a functional Python script that exploits CVE-2020-6287 (SAP RECON vulnerability), which involves a missing authorization check in SAP LM Configuration Wizard and a directory traversal in the `queryProtocol` method. The script can check for vulnerability, download arbitrary ZIP files, and create SAP JAVA users with varying privileges.
This repository contains a functional Python exploit for CVE-2020-6287, which allows unauthenticated user creation in SAP NetWeaver AS Java. The exploit sends a crafted SOAP request to the CTCWebService endpoint to add a user without administrative privileges.
This repository contains two Python scripts for scanning SAP NetWeaver Java applications for CVE-2020-6287 (RECON). One script performs vulnerability detection, while the other scans logs for indicators of compromise (IoCs).
This repository provides functional exploit code for CVE-2020-6287, an authentication bypass vulnerability in SAP NetWeaver AS JAVA. It includes detailed PoC requests to create both simple and administrator Java users via unauthenticated SOAP requests.
This repository contains a functional exploit for CVE-2020-6287, an authentication bypass vulnerability in SAP NetWeaver AS JAVA. The exploit uses Shodan to find targets and leverages Metasploit's module to create an administrative user on vulnerable systems.
The repository contains only a vague README with no technical details or exploit code, suggesting it may be a lure for external downloads or monetization. No actual PoC or analysis is provided.
This repository contains a bash script that checks for the existence of a user account created via CVE-2020-6287 by iterating through possible mandate values. It does not exploit the vulnerability but verifies if an account was created using the RECON.py exploit.
This Metasploit module exploits CVE-2020-6287 (RECON) in SAP NetWeaver AS Java to create or delete users via unauthenticated SOAP requests to the CTCWebService. It leverages a job submission mechanism to add a user with a specified role and cleans up by canceling the job.
Nuclei Templates (1)
http.favicon.hash:-266008933
icon_hash=-266008933
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H