SAP Note 2947895 – RECON – SAP Vulnerability. The bug (CVE-2020-6287) has been named RECON by the Onapsis Research Labs researchers that found it
Source: SAP Security Patch Day – July 2020
On 14th of July 2020, SAP Security Patch Day saw the release of 8 Security Notes. There are 2 updates to previously released Patch Day Security Note.
List of SAP Security Notes released on July Patch Day:
2934135 [CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)
Additional CVE – CVE-2020-6286
2622660 Update to Security Note released on April 2018 Patch Day:
2758000 [CVE-2020-6267] Multiple vulnerabilities in SAP Disclosure Management
Additional CVEs – CVE-2020-6289, CVE-2020-6290, CVE-2020-6291, CVE-2020-6292
2917743 [CVE-2020-6281] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(BI Launch pad)
2849967 [CVE-2020-6276] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Bipodata)
2896025 [CVE-2020-6282] Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service)
2912708 [CVE-2020-6278] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence
2880804 Update to Security Note released on April 2020 Patch Day:
[CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
2927373 [CVE-2020-6280] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform