Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected

Rule Explanation

Certain versions of SAP NetWeaver AS do not perform an authentication check for access to the LM Configuration Wizard. This rule is designed to flag activity that may abuse that vulnerability.

What To Look For

This rule detects if an attempt to access the SAP NetWeaver LM Configuation Wizard.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

Authentication Bypass

An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2020-6287
Loading description

MITRE ATT&CK Framework

Tactic: Discovery

Technique: Software Discovery

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org