資安研究人員揭露SAP NetWeaver Visual Composer存在一個滿分10.0分的關鍵漏洞：CVE-2025-31324，目前正被駭客積極利用來上傳惡意網頁命令執行介面(Web Shell)，進而完全控制受影響系統。 漏洞技術細節 此 ...

本週SAP發布9月份每月例行更新（Security Patch Day），其中修補3項重大層級漏洞CVE-2025-42944、CVE-2025-42922、 CVE-2025-42958，其中又以CVE-2025-42944風險值達到滿分，最為危險 ...

Positioning its NetWeaver platform for enterprise Java applications, SAP plans to offer a "virtual machine container" in 2005. With the announcement this week at its Tech Ed conference in San Diego, ...

NetWeaver AS Java中的LM組態精靈（configuration wizard）對外部連線驗證不足，可讓攻擊者藉由建立惡意HTTP連線開採，進而接管整個SAP系統，影響SAP ERP、Enterprise Portal、SCM、CRM、Process Integration（PI）、及 ...

Enterprise software maker SAP on Tuesday announced the release of ten new and two updated security notes as part of its June 2024 Security Patch Day. SAP’s new set of patches includes two ...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...

On Tuesday, SAP and Onapsis jointly released a report on the activities, in which security flaws with CVSS severity scores of up to 10, the highest possible, are being weaponized. SAP applications are ...

SAP users should immediately deploy a newly released patch for a critical vulnerability that could allow hackers to compromise their systems and the data they contain. The flaw is in a core component ...

SAP's NetWeaver has achieved compatibility with Java Enterprise Edition 5, enabling users to execute Java applications on the NetWeaver Application Server. The compatibility feature offers essentially ...