Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. 
"The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week.
The cybersecurity



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html