Short for Remotely Exploitable Code On NetWeaver, the vulnerability is rated with a maximum CVSS score of 10 out of 10 and can be exploited remotely by unauthenticated attackers
to fully compromise unpatched SAP systems according to the company that found and responsibly disclosed RECON to the SAP Security Response Team. RECON is introduced due to the lack of authentication in an SAP NetWeaver AS for Java web component allowing for
several high-privileged activities on the affected SAP system.
Learn more >