Malicious Actors Exploit New SAP NetWeaver Vulnerability

Malicious actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells, enabling unauthorized file uploads and code execution. According to a report published this week by ReliaQuest, the exploitation could be related to a previously disclosed vulnerability known as CVE-2017-9844 or an unreported remote file inclusion (RFI) issue.