Headline: SAP and Onapsis Proactively Notify and Help Customers Protect Mission-Critical Applications from Active Cyber Threats WALLDORF and BOSTON — SAP (NYSE: SAP) and Onapsis today jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting unprotected mission-critical SAP applications. The companies have worked in close partnership with the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Germany’s Federal Cybersecurity Authority (BSI), advising organizations to take immediate action to apply long-available SAP patches and secure configurations, and perform compromise assessments on critical environments. SAP and Onapsis are not aware of known customer breaches directly related to this research. The report also does not describe any new vulnerabilities in SAP cloud software as a service or SAP’s own corporate IT infrastructure. Both companies, however, note that many organizations still have not applied relevant mitigations that have long been provided by SAP. Customers who fail to apply these protective measures and allow unprotected SAP applications to continue to operate put themselves and their business at risk.