Recon: critical vulnerability affecting all SAP systems

Written by Mark Mergaerts in Technology


A vulnerability has been discovered that makes it possible to create SAP users with maximum privileges without authenticating. The vulnerability, known as RECON (Remotely Exploitable Code on NetWeaver), has received a CVSS (threat severity) rating of 10/10, which means it is considered extremely critical. The problem exists in all NetWeaver Java systems with release 7.30, 7.31, 7.40 or 7.50.


It is of the utmost importance to apply the patch, and as a first step the workaround, as soon as possible. The threat posed by this security flaw cannot be overstated: a malicious intruder who obtains full privileges could arbitrarily steal, corrupt or destroy business data.

About the author

Mark Mergaerts

Mark Mergaerts has more than 25 years of experience in SAP Basis Consulting. He knows the ins and outs of databases and landscapes and is highly experienced in performance and tuning of ABAP systems and the adapting of customer code when migrating to a different database platform.
