Maximum severity vulnerability puts over 1200 SAP NetWeaver servers at risk of hijacking

Maximum severity vulnerability puts over 1200 SAP NetWeaver servers at risk of hijacking

A workaround and a patch are already available but many firms have already been breached.

Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

Over 400 servers found to be exposed to SAP NetWeaver bug

Active exploitation of flaw with 10.0 CVSS has been confirmed. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now a…

Onapsis Research Labs Briefing on SAP CVE-2017-12637

CISA recently updated their Known Exploited Vulnerabilities (KEV) catalog with an SAP vulnerability: CVE-2017-12637. When exploited, this vulnerability affecting SAP Netweaver AS Java application servers can enable unauthenticated threat actors to take full control of unprotected SAP systems.While this is a known security vulnerability that was promptly patched by SAP in 2017, Onapsis Research Labs have observed this issue being present in sever…

SAP NetWeaver Visual Composer Flaw Under Active Exploitation

A just-patched vulnerability in SAP’s NetWeaver Visual Composer Web-based software modeling tool is being actively exploited by attackers. The vulnerability, CVE-2025-31324, has a maximum CVSS score of 10 and affects all SAP NetWeaver 7.xx versions. The zero-day allows an unauthenticated remote attacker to upload files with no restrictions. Over 450 Internet exposed instances are vulnerable, […] The post SAP NetWeaver Visual Composer Flaw Under …

On Friday, SAP patched an already attacked vulnerability in SAP Netweaver. Hundreds of servers are still vulnerable.