SAP security patch release for CVE-2025-42890
Security Patch Release
Summary
SAP released its November security updates on 2025-11-11, addressing multiple vulnerabilities in SQL Anywhere Monitor, SAP Solution Manager, and NetWeaver. The bundle includes CVE-2025-42890, a 10.0-severity hardcoded-credentials flaw in the non-GUI SQL Anywhere Monitor component, and CVE-2025-42887, a 9.9-severity code-injection issue in Solution Manager. The update set also covers CVE-2025-42940, 14 medium-severity vulnerabilities, and a previously addressed CVE-2025-42944, making the release important for enterprise SAP environments.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)
Security Patch Release
First: 12.05.2026 14:04
Last: 12.05.2026 14:04
Sources 1
About this happening:
**SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...
Microsoft April 2026 Patch Tuesday security updates (167 flaws)
Security Patch Release
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...
Oracle security patch release for CVE-2026-21992
Security Patch Release
First: 21.03.2026 12:24
Last: 21.03.2026 12:24
Sources 1
About this happening:
**Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
SAP security patch release for CVE-2019-17571
Security Patch Release
First: 11.03.2026 14:26
Last: 11.03.2026 14:26
Sources 1
About this happening:
**SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...
Timeline
-
11.11.2025 17:38 2 articles · 6mo ago
SAP releases November 2025 security updates
Mitigation Patch Update
SAP released its November security updates, fixing CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI), CVE-2025-42887 in SAP Solution Manager, CVE-2025-42940, 14 other medium-severity vulnerabilities, and CVE-2025-42944 in NetWeaver.
- SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor — www.bleepingcomputer.com — 11.11.2025 17:38
- SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor — www.bleepingcomputer.com — 11.11.2025 17:38
-
11.11.2025 17:38 1 article · 6mo ago
SAP details hardcoded credentials and code injection flaws
Technical Analysis Update
CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) was described as hardcoded credentials that could expose administrative functions and provide attackers with the possibility of arbitrary code execution, while CVE-2025-42887 in SAP Solution Manager involved missing input sanitation in a remote-enabled function module that could let an authenticated attacker insert malicious code and gain full control of the system.
- SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor — www.bleepingcomputer.com — 11.11.2025 17:38