SAP, the largest enterprise software maker, closed a critical vulnerability affecting SAP’s search engine TREX. The issue stayed exposed almost 2 years. The vulnerable component is included in the old SAP NetWeaver platform as well as in the new SAP HANA one, which makes it one of the most widespread and severe SAP server-side issues so far with CVSS score 9.4 out of 10.

https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/