Security in any cloud environment is a shared responsibility between the organization and the cloud provider. The distribution of responsibilities between the two would depend on the cloud model implemented (i.e. IaaS, PaaS, SaaS), services in use, and applicable security compliance requirements. But on a more general note, the cloud provider is responsible for securing the cloud itself while the customer is responsible for securing their data within the cloud.
Identified as HotNews SAP Note #2934135 (CVE-2020-6287) in the July 2020 SAP Security Notes mentioned in our earlier blog SAP Security Patch Day, the RECON (Remotely Exploitable Code On NetWeaver) vulnerability has a CVSS score of 10 out of 10 (the most severe) and can potentially be exploited impacting the confidentiality, integrity and availability of mission-critical SAP applications.