Onapsis and Mandiant have collaborated to release an open-source tool to assist SAP customers in identifying potential compromise related to CVE-2025-31324 and CVE-2025-42999, a critical 0-day ...

SAP users should immediately ... “Having administrative access to the system will allow the attacker to manage (read/modify/delete) every database record or file in the system,” Onapsis ...

SAP HANA installation media used for this deployment is the default one for SAP HANA, platform edition 2.0 SPS07 available at SAP Support Portal under INSTALLATION AND UPGRADE area and it has to be ...

Also found in SAP NetWeaver/JAVA, this security flaw, patched in March 2016, permits remote attackers to read arbitrary files via directory traversal sequences, leading to information leaks and ...

It allows attackers to upload malicious executable files without logging in, potentially leading to remote code execution and full system ... in certain Java Servlet," stated the SAP spokesperson.

CVE-2025-31324 is a critical vulnerability with a maximum CVSS score of 10 that affects all SAP NetWeaver 7.xx versions. It allows unauthenticated remote attackers to upload arbitrary files to ...

Over 10,000 SAP ... file upload and execution activities appeared linked to the exploitation of CVE-2017-9844 (CVSS score of 9.8), a Metadata Uploader bug that could lead to denial-of-service (DoS) ...

SAP has joined the OpenJDK project, an Oracle-led initiative producing an open source implementation of Java that also has gained support of such companies as IBM and Apple in recent months.