Onapsis Research Labs Briefing on SAP CVE-2017-12637

CISA recently updated their Known Exploited Vulnerabilities (KEV) catalog with an SAP vulnerability: CVE-2017-12637. When exploited, this vulnerability affecting SAP Netweaver AS Java application servers can enable unauthenticated threat actors to take full control of unprotected SAP systems.

While this is a known security vulnerability that was promptly patched by SAP in 2017, Onapsis Research Labs have observed this issue being present in several environments to this day.

Onapsis Research Labs has also recently identified active exploitation via our global SAP Threat Intelligence Network, and we will be sharing our findings with the public.