Cyber Security News

SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager

CybersecurityNews
SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager

SAP has released 18 new security notes in its November 2025 patches, addressing critical vulnerabilities across multiple products. The most severe issues include insecure key management in SQL Anywhere Monitor and code injection in Solution Manager, emphasizing the importance of timely patch application. #CVE202542890 #CVE202542887

Keypoints

  • SAP’s November 2025 security patches fix 18 vulnerabilities across its enterprise software portfolio.
  • The most critical flaw (CVSS 10/10) involves insecure key management in SQL Anywhere Monitor, which was completely removed by SAP.
  • Solution Manager received a patch for a code injection vulnerability caused by unsanitized user input.
  • Additional updates addressed insecure deserialization in NetWeaver AS Java and memory corruption in CommonCryptoLib.
  • SAP advises users to promptly apply these patches, as the vulnerabilities are attractive to threat actors.

Read More: https://www.securityweek.com/sap-patches-critical-flaws-in-sql-anywhere-monitor-solution-manager/

SHARE THIS STORY

WhatsAppX (Twitter)TelegramBlueskyFacebookLinkedInThreadsEmailPrint