Cybersecurity experts report that a new vulnerability in SAP NetWeaver is being exploited by threat actors to upload JSP web shells. This exploitation is linked to a known vulnerability or a potential zero-day issue, despite systems running updated patches. The vulnerability is centered around the metadata uploader endpoint, facilitating remote file uploads and code execution. Investigations suggest a growing trend in attacks, employing known exploits alongside new techniques, especially targeting high-value SAP systems used by government and enterprise sectors.
"Our investigation revealed a troubling pattern, suggesting that adversaries are leveraging a known exploit and pairing it with a mix of evolving techniques to maximize their impact."
"The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue."
Collection
[
|
...
]