SAP has issued December security updates addressing 14 vulnerabilities, including three critical flaws with high CVSS scores. These updates cover significant issues like code injection, deserialization, and Apache Tomcat vulnerabilities, emphasizing the ongoing need for enterprise patch management. #SAPSolutionManager #SAPCommerceCloud #SAPjConnect
Key points
- SAP released security patches for 14 vulnerabilities across various products this December.
- The most critical flaw, CVE-2025-42880, is a code injection vulnerability in SAP Solution Manager that allows remote code execution.
- Vulnerabilities in SAP Commerce Cloud related to Apache Tomcat impact large-scale online retailers.
- CVE-2025-42928 exposes SAP jConnect to deserialization attacks potentially leading to system compromise.
- The updates also address five high-severity and six medium-severity issues; attackers have not yet actively exploited these flaws.