sap
Safeguard articles tagged "sap" — guides, analysis, and best practices for software supply chain and application security.
3 articles
SAP May 2026: Two CVSS 9.6 Bugs Put S/4HANA SQL and Commerce Cloud RCE in the Crosshairs
SAP's May 2026 Patch Day fixed two critical CVSS 9.6 flaws: CVE-2026-34260, an authenticated SQL injection in S/4HANA Enterprise Search, and CVE-2026-34263, an unauthenticated configuration-upload-to-RCE in SAP Commerce Cloud. Both carry cross-scope impact.
SAP NetWeaver CVE-2025-31324: Unrestricted File Upload Zero-Day
A critical file upload vulnerability in SAP NetWeaver Visual Composer was exploited to deploy web shells on enterprise SAP systems. The flaw required no authentication and scored 10.0 on CVSS.
SAP ICM CVE-2022-22536: ICMAD Vulnerabilities Hit the Heart of Enterprise Software
CVE-2022-22536 scored a perfect CVSS 10.0, allowing unauthenticated request smuggling in SAP's Internet Communication Manager. Tens of thousands of SAP systems were at risk.