SAP

Pierluigi Paganini June 10, 2025
SAP June 2025 Security Patch Day fixed critical NetWeaver bug

SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch released in June 2025 Security Patch. SAP June 2025 Security Patch addressed a critical NetWeaver vulnerability, tracked as CVE-2025-42989 (CVSS score of 9.6), allowing threat actors to bypass authorization checks and escalate their privileges. “RFC inbound processing does not perform […]

Pierluigi Paganini May 06, 2025
Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader […]

Pierluigi Paganini July 18, 2024
SAPwned flaws in SAP AI core could expose customers’ data

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the […]

Pierluigi Paganini November 15, 2023
Critical flaw fixed in SAP Business One product

Enterprise software giant SAP addressed a critical improper access control vulnerability in its Business One product. SAP November 2023 Security Patch Day includes three new and three updated security notes. The most severe “hot news” is an improper access control vulnerability, tracked as CVE-2023-31403 (CVSS score of 9.6), that impacts SAP Business One product installation. […]

Pierluigi Paganini April 12, 2023
SAP April 2023 security updates fix critical vulnerabilities

SAP fixed two critical bugs that affect the Diagnostics Agent and the BusinessObjects Business Intelligence Platform. SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. The most critical vulnerabilities are: The complete list of the notes is reported in the latest security bulletin: SAP administrators are urged to […]

Pierluigi Paganini August 19, 2022
CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog

US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the Black Hat and Def Con conferences. The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability, tracked as CVE-2022-22536, to its Known Exploited Vulnerabilities Catalog a few days after researchers shared details […]

Pierluigi Paganini February 09, 2022
CISA warns to address SAP ICMAD flaw immediately

The US CISA warns to address a severe security vulnerability dubbed ICMAD impacting SAP business apps using ICM.. Internet Communication Manager Advanced Desync (ICMAD) is a memory pipes (MPI) desynchronization vulnerability tracked as CVE-2022-22536. An unauthenticated remote attacker could exploit this issue by sending a simple HTTP request to a vulnerable instance and take over it. […]

Pierluigi Paganini April 15, 2021
April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released ones, among the issues addressed by the software giant there is a […]

Pierluigi Paganini April 06, 2021
SAP systems are targeted within 72 hours after updates are released

On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, security SAP security firm Onapsis warns. According to a joint study published by Onapsis and SAP, on-premises SAP systems are targeted by threat actors within 72 hours after security patches are released. Threat actors perform reverse-engineering of the SAP […]

Pierluigi Paganini February 10, 2021
SAP addresses a critical flaw in SAP Commerce Product

SAP released seven new security notes on February 2021 Security Patch Day, including a Hot News note for a critical issue affecting SAP Commerce. SAP released seven new security notes on February 2021 Security Patch Day and updated six previously released notes. The new security notes include a Hot News note that addresses a critical vulnerability, tracked as CVE-2021-21477, […]