SAP News Articles

SAP Fixes Critical Vulnerability After Evidence of Exploitation

A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors

1 day ago

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

1 day ago

CVSS 10 SAP NetWeaver bug is under active attack

SAP NetWeaver customers are coming under widespread attack, as threat actors exploit a maximum criticality CVSS 10 vulnerability that has now been allocated  CVE-2025-31324. The vulnerability, which affects the platform’s visual composer, lets a remote and unauthenticated attacker upload malicious ...

1 day ago

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Threat actors exploit SAP NetWeaver flaw + zero-day suspected + CVE-2025-31324 enables file uploads.

1 day ago

Critical SAP NetWeaver Vulnerability (CVE-2025-31324) Fixed: Actively Exploited in the Wild

Critical SAP NetWeaver vulnerability (CVE-2025-31324) with CVSS 10.0 allows remote code execution via file upload. Patch immediately - active exploits detected in the wild.

1 day ago

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

2 days ago

SAP Zero-Day Possibly Exploited by Initial Access Broker

A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.

2 days ago

Critical SAP NetWeaver Flaws Let Hackers Gain System Access

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems. The most severe vulnerability, CVE-2025-0070, is an improper authentication issue...

SAP Update: Patches Fix Critical Flaws For Businesses

This month's SAP update addresses critical flaws that could allow attackers to bypass authentication and gain complete control of affected systems.

CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION - Cloud WAF

CVE-2023-27497 : Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent.

CVE-2024-39592 : SAP PDCE S4CORE 102 UP TO S4COREOP 107 AUTHORIZATION - Cloud WAF

CVE-2024-39592 : Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover - Malware News - Malware Analysis, News and Indicators

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover On May 14, 2024, SAP delivered its monthly security updates, which included 14 new Security Notes alongside updates to …

CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY - Cloud WAF

CVE-2024-27899 : Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer.