SAP fixes critical flaws in NetWeaver and Commerce Cloud

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud.

BleepingComputer

SAP Patch Day March 2026: Two HotNews vulnerabilities in Log4j and NetWeaver closed

The focus is on a Log4j component that has been known for years and a deserialization vulnerability in the NetWeaver Enterprise Portal.

https://www.all-about-security.de/sap-patch-day-maerz-2026-zwei-hotnews-luecken-in-log4j-und-netweaver-geschlossen/

#sap #patchday #netweaver #Log4j

SAP closes 20 security vulnerabilities in March, including two HotNews with CVSS 9.8 and 9.1. All patches at a glance.

All About Security: The online magazine on cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security
SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets

A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash the server.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform
📢 SAP fixes 21 flaws, including 3 critical, in NetWeaver and other products
📝 According to BleepingComputer, SAP has published its September security bulletin detailing 21 new vulnerabilities...
📖 cyberveille: https://cyberveille.ch/posts/2025-09-10-sap-corrige-21-failles-dont-3-critiques-dans-netweaver-et-autres-produits/
🌐 source: https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/
#CVE_2025_42944 #NetWeaver #Cyberveille
SAP fixes 21 flaws, including 3 critical, in NetWeaver and other products

According to BleepingComputer, SAP has published its September security bulletin detailing 21 new vulnerabilities, including three critical flaws mainly affecting SAP NetWeaver. NetWeaver is the foundation of multiple SAP apps (ERP, CRM, SRM, SCM) and is widely deployed in enterprises. 🔴 CVE-2025-42944 (CVSS 10.0): Insecure deserialization in SAP NetWeaver (RMIP4), ServerCore 7.50. An unauthenticated attacker can execute arbitrary OS commands by sending a malicious Java object via the RMI-P4 module to an open port. The RMI-P4 protocol, used by NetWeaver AS Java for internal SAP-to-SAP communication or administration, can be exposed beyond the host (or even to the Internet) in the event of a network misconfiguration (firewall, etc.).

CyberVeille
🚨 Breaking #SAP security update! 🚨 In this month's #PatchTuesday release, SAP has fixed several critical #NetWeaver vulnerabilities (CVSS 9.1 - 10.00🔥). Read below for more details and patch today! ➡️ support.sap.com/en/my-suppor... #SAPsecurity
Warning of attacks on new SAP Netweaver vulnerability, Chrome and Draytek routers

The US IT security agency CISA warns of attacks on a new SAP Netweaver vulnerability as well as on Chrome and Draytek routers.

heise online
SAP Netweaver vulnerability: Ransomware groups jump on board

At the end of April, SAP had to close a critical security vulnerability in Netweaver. Ransomware groups are now attacking the flaw as well.

heise online

Chinese #Hackers #Exploit SAP #RCE Flaw CVE-2025-31324, Deploy Golang-Based #SuperShell

CVE-2025-31324 refers to a critical #SAP #NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint
#security

https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

The Hacker News
Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

Security Affairs

A critical SAP vulnerability scoring 10/10 is actively being exploited to deploy ransomware across enterprise systems. Security experts from ReliaQuest warn this zero-day flaw in NetWeaver could compromise corporate and government data worldwide. Learn how to protect your organization now.

#SecurityLand #CyberWatch #ZeroDay #Vulnerability #SAP #NetWeaver #EnterpriseSecurity

https://www.security.land/critical-sap-zero-day-vulnerability-scores-perfect-10-enterprise-and-government-systems-at-risk/

Critical SAP Zero-Day Vulnerability Scores Perfect 10: Enterprise and Government Systems at Risk | Security Land

SAP releases emergency patch for critical NetWeaver vulnerability (CVE-2025-31324) actively exploited in the wild. Immediate action required.

Security Land