Search results for SAP Cybersecurity | Breaking Cybersecurity News | The Hacker News

Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations," cybersecurity firm Onapsis and SAP  said  in a joint report published today. The Boston-based company said it detected over 300 successful exploitations out of a total of 1,500 attempts targeting previously known vulnerabilities and insecure configurations specific to SAP systems between mid-2020 to March 2021, with multiple brute-force attempts made by adversaries aimed at high-privilege SAP accounts as well as chaining together several flaws to strike SAP applications. Applicatio...

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287 , is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, according to cybersecurity firm Onapsis, which uncovered the flaw . "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory . "The confidentiality, integr...

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week. The cybersecurity company said the possibility of a zero-day stems from the fact that several of the impacted systems were already running the latest patches. The flaw is assessed to be rooted in the "/developmentserver/metadatauploader" endpoint in the NetWeaver environment, enabling unknown threat actors to upload malicious JSP-based web shells in the "servlet_jsp/irj/root/" path for persistent remote access and deliver additional payloads. Put differently, the lightweight JSP web shell is configured to upload unauthorized files, enable entrenched control over the infected host...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to read files on the target host, including sensitive ones such as "/etc/shadow" via the endpoint "/c/router." It affects all versions of the software prior to version 10.11.3.86570. "NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files," CISA said in an advisory. Successful exploitation of the shortcoming could allow an adversary to read sensitive data, including configuration files, backups, and credentials, which could then act as a stepping stone for further compromises. There are cu...

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as  CVE-2020-6207 , that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP  SolMan  is an application management and administration solution that offers end-to-end application lifecycle management in distributed environments, acting as a centralized hub for implementing and maintaining SAP systems such as ERP, CRM, HCM, SCM, BI, and others. "A successful exploitation could allow a remote unauthenticated attacker to execute highly privileged administrative tasks in the connected  SAP SMD Agents ," researchers from Onapsis  said , referring to the Solution Manager Diagnostics toolset used to analyze and monitor SAP systems. The vulnerability, which has the highest possible CVSS base score of 10.0, was addressed by SAP as part of its...

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324 , an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign include natural gas distribution networks, water and integrated waste management utilities in the United Kingdom, medical device manufacturing plants oil and gas exploration and production companies in the United States, and government ministries in Saudi Arabia that are responsible for investment strategy and financial regulation. The findings are based on a publicly exposed directory uncovered on attacker-controlled infrastructure ("15.204.56[.]106") that contained event logs capturing the activities across multiple compromised systems. The Dutch cybersecurity company h...

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January 2025 . "The research discovered that SAP GUI input history is stored insecurely, both in the Java and Windows versions," Pathlock researcher Jonathan Stross said in a report shared with The Hacker News. SAP GUI user history allows users to access previously entered values in input fields with the goal of saving time and reducing errors. This historical information is stored locally on devices. This can include usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities identified by Pathlock are rooted in th...

Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers to access customers' data and contaminate internal artifacts – spreading to related services and other customers' environments," security researcher Hillai Ben-Sasson said in a report shared with The Hacker News. Following responsible disclosure on January 25, 2024, the weaknesses were addressed by SAP as of May 15, 2024. In a nutshell, the flaws make it possible to obtain unauthorized access to customers' private artifacts and credentials to cloud environments like Amazon Web Services (AWS), Microsoft Azure, and SAP HANA Cloud. They could also be used to modify D...

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC," according to a description of the flaw in the NIST National Vulnerability Database (NVD). "This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. Successful exploration of the defect could result in a full system compromise of the SAP environment, subverting the confidentiality, integrity, and availability of the system. In short, it can permit attackers to modify the SAP database, create superuser accounts with SAP_ALL privileges, download password hashes, and alter business processes. SecurityBri...

A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise ( ASE ), a relational database management software geared towards transaction-based applications. The cybersecurity company said the issues — both specific to the operating system and the platform as a whole — were discovered during a security testing of the product, one of which has a CVSS rating of 9.1. Identified as CVE-2020-6248 , the most severe vulnerability allows arbitrary code execution when making database backups, thus allowing an attacker to trigger the execution of malicious commands. "During database backup operations, there are no security checks for overwriting critical configuration files," Trustwave researchers said  in a...

At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025-31324 , indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware family, which is traced by Microsoft under the moniker Storm-2460. BianLian is assessed to be involved in at least one incident based on infrastructure links to IP addresses previously identified as attributed to the e-crime group. "We identified a server at 184[.]174[.]96[.]74 hosting reverse proxy services initiated by the rs64.exe executable," the company said. "This server is related to another IP, 184[.]174[.]96[.]70, operated by the same hosting provider. The second IP had previously been flagged as a command-and-control (C2) server associat...

We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the California Consumer Privacy Act (CCPA) was finalized on 11th January 1, 2019. Driven by laudable objectives to protect Californians' personal data, prevent its misuse or unconsented usage by unscrupulous entities, the law imposes formidable monetary penalties of up to $7,500 per intentional violation and $2,500 per unintentional violation. The Act is enforceable against organizations that process or handle personal data of California residents, regardless of the geographical location of the former. Akin to the EU GDPR, data subjects are empowered with a bundle of rights to control their personal data and its eventual usage. The pitfall is that if every US state introduces its own s...

The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors. Delivering HR solutions from the cloud enables employees and administrators to not only automate typical tasks, such as providing a report on employee attrition, but also allows them to complete these tasks from anywhere and on any device. SuccessFactors makes it easy for employees to access what they need. But the wide range of sensitive employee data within SuccessFactors creates additional security and compliance challenges. Whether it's personal and financial information used for payroll or health information for benefits, you need the right cybersecurity to ensure that sensitive data,...

Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the instance of the latest CISA directive, that would be making a mistake. In this article, we explain why, even if you're in the private or non-government sector, you should nonetheless take a close look at CISA Binding Operational Directive 22-01. We outline why CISA was forced to issue this directive, and why that firm action has implications for all organizations – inside and outside of government. Acting on cybersecurity issues isn't as simple as flicking a switch, of course, so keep reading to find out how you can address the core issue behind the CISA directive. Okay, so what exactly is a CISA directive? Let's take a step back to gain some context. Just like any organ...