New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

[hackerbot]

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week. The cybersecurity

Source: https://thehackernews.com/2025/04/sap-c ... -flaw.html