SAP warns of high-severity vulnerabilities in multiple products

by Dan Goodin, from Ars Technica - All content (#6ZXKH)

As hackers exploit a high-severity vulnerability in SAP's flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected vulnerabilities in its other widely used products, including a security flaw with a maximum-severity rating of 10.

SAP on Tuesday said the highest-severity vulnerability, with a rating of 10 out of a possible 10, was found in NetWeaver, a platform that serves as the technical foundation for many of the company's other enterprise applications. The vulnerability, tracked as CVE-2025-42944, makes it possible for unauthenticated attackers to execute commands by submitting malicious payloads to an open port.

The maximum-severity threat stems from a deserialization vulnerability. Serialization is a coding process that translates data structures and object states into formats that can be stored or transmitted and then reconstructed later. Deserialization is the process in reverse.
