Security News > 2021 > March > SAP Stomps Out Critical RCE Flaw in Manufacturing Software

Enterprise software giant SAP pushed out fixes for a critical-severity vulnerability in its real-time data monitoring software for manufacturing operations.
If exploited, the flaw could allow an attacker to access SAP databases, infect end users with malware and modify network configurations.
The two most critical fixes, which are newly released as part of the security update, included the vulnerability in SAP's Manufacturing Integration and Intelligence application for synchronizing manufacturing operations, as well as one in SAP's NetWeaver AS Java software stack.
"With SAP MII, SAP NetWeaver AS Java and SAP HANA, three different applications are affected this time by critical vulnerabilities."
Beyond these two serious flaws, SAP also fixed an authentication bypass in SAP HANA. It also made updates to two previous security updates - including a missing authentication check in SAP Solution Manager and a security update for Google Chromium.
The fixes come after a February security update by SAP fixing a critical vulnerability in its Commerce platform for e-commerce businesses.
News URL
https://threatpost.com/sap-critical-rce-flaw-manufacturing/164666/
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework (source)