Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
developmentserver/metadatauploader
SAP NetWeaver Application Server Java metadata uploader, the target of the RECON vulnerability (CVE-2020-6287).
What an attacker could do
Lets an unauthenticated attacker create an administrator account on SAP NetWeaver, leading to full compromise of the SAP system and its business data.
How to defend it
Apply SAP Security Note 2934135, restrict access to the LM Configuration Wizard, and place SAP application servers behind a VPN or WAF.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation