SAP Patch Day March 2026: Two HotNews Vulnerabilities in Log4j and NetWeaver Closed

The focus is on a Log4j component that has been known for years and a deserialization vulnerability in the NetWeaver Enterprise Portal.

https://www.all-about-security.de/sap-patch-day-maerz-2026-zwei-hotnews-luecken-in-log4j-und-netweaver-geschlossen/

#sap #patchday #netweaver #Log4j

In March, SAP closes 20 security vulnerabilities, including two HotNews with CVSS 9.8 and 9.1. All patches at a glance.

All About Security, the online magazine for cybersecurity: ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security
SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets

A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash the server.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform
📢 SAP fixes 21 flaws, including 3 critical ones, in NetWeaver and other products
📝 According to BleepingComputer, SAP has published its September security bulletin detailing 21 new vulnerabilities...
📖 cyberveille: https://cyberveille.ch/posts/2025-09-10-sap-corrige-21-failles-dont-3-critiques-dans-netweaver-et-autres-produits/
🌐 source: https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/
#CVE_2025_42944 #NetWeaver #Cyberveille
SAP fixes 21 flaws, including 3 critical ones, in NetWeaver and other products

According to BleepingComputer, SAP has published its September security bulletin detailing 21 new vulnerabilities, including three critical flaws that mainly affect SAP NetWeaver. NetWeaver is the foundation of multiple SAP applications (ERP, CRM, SRM, SCM) and is widely deployed in enterprises.

🔴 CVE-2025-42944 (CVSS 10.0): insecure deserialization in SAP NetWeaver (RMIP4), ServerCore 7.50. An unauthenticated attacker can execute arbitrary OS commands by sending a malicious Java object via the RMI-P4 module to an open port. The RMI-P4 protocol, used by NetWeaver AS Java for internal SAP-to-SAP communication or for administration, can be exposed beyond the host (even to the Internet) in the event of a network misconfiguration (firewall, etc.).

CyberVeille
🚨 Breaking #SAP security update! 🚨 In this month's #PatchTuesday release, SAP has fixed several critical #NetWeaver vulnerabilities (CVSS 9.1 - 10.00🔥). Read below for more details and patch today! ➡️ support.sap.com/en/my-suppor... #SAPsecurity
Warning of attacks on a new SAP Netweaver vulnerability, Chrome and Draytek routers

The US IT security agency CISA warns of attacks on a new SAP Netweaver vulnerability as well as on Chrome and Draytek routers.

heise online
SAP Netweaver vulnerability: ransomware groups jump on board

At the end of April, SAP had to close a critical security vulnerability in Netweaver. Ransomware groups are now attacking the hole as well.

heise online

Chinese #Hackers #Exploit SAP #RCE Flaw CVE-2025-31324, Deploy Golang-Based #SuperShell

CVE-2025-31324 refers to a critical #SAP #NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.
#security

https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

The Hacker News
Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

Security Affairs

A critical SAP vulnerability scoring 10/10 is actively being exploited to deploy ransomware across enterprise systems. Security experts from ReliaQuest warn this zero-day flaw in NetWeaver could compromise corporate and government data worldwide. Learn how to protect your organization now.

#SecurityLand #CyberWatch #ZeroDay #Vulnerability #SAP #NetWeaver #EnterpriseSecurity

https://www.security.land/critical-sap-zero-day-vulnerability-scores-perfect-10-enterprise-and-government-systems-at-risk/

Critical SAP Zero-Day Vulnerability Scores Perfect 10: Enterprise and Government Systems at Risk | Security Land

SAP releases emergency patch for critical NetWeaver vulnerability (CVE-2025-31324) actively exploited in the wild. Immediate action required.

Security Land

🚨 SAP NetWeaver Zero-Day Under Active Exploitation — Patch Immediately

SAP has released an out-of-band emergency update to fix a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer — and it’s already being exploited in the wild.

The flaw (CVSS 10.0) allows unauthenticated remote attackers to upload malicious files and gain full remote code execution — no login required.

Here’s what’s happening:
- Threat actors are abusing the `/developmentserver/metadatauploader` endpoint
- They're dropping JSP web shells and executing commands directly from browsers
- Post-exploitation activity includes tools like Brute Ratel and MSBuild injection for stealth
- Even fully patched systems were compromised — confirming this was a true zero-day

Both ReliaQuest and watchTowr have confirmed active exploitation, with attackers already moving to establish persistence and lateral movement.

Who’s affected:
- SAP NetWeaver Visual Composer 7.50 environments
- Systems exposed to the internet, especially if Visual Composer is enabled

What you need to do:
- Apply the emergency patch from SAP (released after the April 8 update)
- If you can’t patch immediately:
  - Restrict access to the vulnerable endpoint
  - Disable Visual Composer if unused
  - Forward logs to SIEM and scan for unauthorized servlet uploads

Also included in the emergency update:
- CVE-2025-27429 — Code injection in SAP S/4HANA
- CVE-2025-31330 — Code injection in SAP Landscape Transformation

In a world where zero-days are increasingly exploited within hours of discovery, patching isn’t optional — it’s urgent.

#SAP #NetWeaver #CyberSecurity
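To make the last two mitigation bullets of the post above (forward logs to a SIEM, scan for unauthorized servlet uploads) concrete, here is an added detection example; it is not code from the original post or from any of the linked articles. It assumes NCSA-style HTTP access-log lines (the sample lines below are constructed; the real SAP ICM/Java access-log layout differs, so `LOG_RE` must be adapted) and a constructed baseline of known JSP paths; the metadatauploader path is the one named in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log lines (NCSA combined style, assumed format).
# Source 203.0.113.7 hits the upload endpoint and then requests a JSP that
# is not in the baseline; 10.0.5.12 is ordinary portal traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Apr/2025:02:14:03 +0000] "POST /developmentserver/metadatauploader?a=b HTTP/1.1" 200 512
203.0.113.7 - - [29/Apr/2025:02:14:09 +0000] "GET /irj/helper.jsp HTTP/1.1" 200 81
10.0.5.12 - admin [29/Apr/2025:08:00:00 +0000] "GET /irj/portal HTTP/1.1" 200 4096
10.0.5.12 - admin [29/Apr/2025:08:00:04 +0000] "GET /irj/index.jsp HTTP/1.1" 200 300
"""

UPLOADER_PATH = "/developmentserver/metadatauploader"  # endpoint named in the post
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')


def parse_line(line):
    """Parse one access-log line into ip, ts, method, path (query stripped), status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec.pop("target")).path
    rec["status"] = int(rec["status"])
    return rec


def find_suspicious(log_text, known_jsp=frozenset({"/irj/index.jsp"})):
    """Flag every request to the metadatauploader endpoint and every request for a
    JSP outside the known baseline; a JSP request from a source that already hit
    the uploader is reported as a higher-confidence finding.
    known_jsp is a constructed baseline; build yours from a clean deployment."""
    findings, uploader_sources = [], set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].lower()
        if path == UPLOADER_PATH:
            uploader_sources.add(rec["ip"])
            findings.append((rec["ip"], "metadatauploader request", rec["path"]))
        elif path.endswith(".jsp") and rec["path"] not in known_jsp:
            reason = ("unknown JSP after metadatauploader upload"
                      if rec["ip"] in uploader_sources else "unknown JSP request")
            findings.append((rec["ip"], reason, rec["path"]))
    return findings
```

Feed the findings to your SIEM as alerts; any hit on the uploader endpoint from outside your change-management sources deserves a look regardless of HTTP status, since failed attempts show targeting.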