SAP security critical vulnerability was patched
SAP has patched a critical vulnerability that has a severity score of 10 out of 10 on the CvSS bug-severity scale. The bug dubbed RECON and tracked as CVE-2020-6287 affects the LM Configuration Wizard component in the NetWeaver Application Server (AS) Java Platform. The vulnerability allows an unauthenticated attacker to modify and retrieve confidential information and affect critical business processes.
According to the US Cybersecurity and Infrastructure Security Agency (CISA): “If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications.”
The vulnerability is present by default in every SAP application running the SAP NetWeaver Java 7.3 and newer (up to SAP NetWeaver 7.5) technology stack. Thus, the vulnerability affects such business solutions as SAP S / 4HANA, SAP SCM, SAP CRM, SAP CRM, SAP Enterprise Portal, SAP Solution Manager (SolMan).
There are no signs of the vulnerability active exploitation today, however, given the severity of RECON, it is recommended that organizations apply critical patches as soon as possible.
SAP and Siemens forge partnerships for digital transformation
SAP and Siemens have announced a partnership. Its aim is to help companies reduce time to market by leveraging the expertise and software solutions of industry leaders. SAP and Siemens agreement enables digitalization and provides a comprehensive solution for Industry 4.0. Both companies will collaborate on application development.
Klaus Helmrich, Member of the Managing Board of Siemens AG and CEO of Siemens Digital Industries, said: “This exciting collaboration between two industry leaders is about more than just interoperability and interfaces; it is about creating a truly integrated digital thread that unites product and asset lifecycle management with the business that enables customers to optimize production of products.”
SAP launched a new SAP Fieldglass solution
SAP Fieldglass External Talent Marketplace is designed to help organizations in hiring temporary workers. SAP’s partnerships with leading talent companies such as Adecco, Experis, a ManpowerGroup brand, Guidant Global make the SAP Fieldglass External Talent Marketplace a central place perfect for temporary workers.
“SAP Fieldglass External Talent Marketplace is designed to address a gap in the market for one view into multiple sources of vetted temporary workers, a need that was only exacerbated by the COVID-19 pandemic,” said Lisa Rowan, research vice president for HR, Talent and Learning Strategies at IDC.
SAP and E.ON are working on a joint project
SAP and energy provider E.ON are collaborating to create a new technology platform for E.ON network operations, based on SAP S / 4HANA Utilities solutions. The platform will enable energy providers and grid operators to exchange information faster, more accurately and more easily. Processes will be standardized to enable the company to respond more quickly and efficiently to customer requests. The partnership with SAP guarantees a stable and open platform.
Thomas König, board member in charge of energy networks, E.ON SE comments: “This project will set a new standard in the market. Having maximum automation and standardization on the new platform will make our processes much more efficient.”
