SAP has issued an updated patch for a code-injection vulnerability affecting the TREX search engine integrated into more than a dozen SAP products.

Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week.

Three dozen global enterprises have been breached by attackers who exploited a single, mitigated vulnerability in SAP business applications. The attacks were carried out between 2013 and are ongoing against large organizations owned by corporations in the United States, United Kingdom, Germany, China, India, Japan, and South Korea, spanning 15 critical industries, researchers at Onapsis said...