The US Agency Computer Emergency Readiness (US -CERT) has received an alert for a 6 years SAP vulnerability which is still being exploited. According to Onapsis. the responsibility lies in this case on the SAP users.
The US-CERT has warned of the vulnerability due to the fact that there have been 36 reported cases of cyberattacks against huge multinationals, and the publication of this piece of news would alert companies that might have a security gap without knowing it.
Those affected suffer a joint attack to SAP and Java; criminals can access remotely without login into the SAP affected platforms, they can gain control over business information, system processes and also access to other systems.