Researchers at Onapsis and DHS CERT today published reports describing a critical SAP Invoker Servlet vulnerability that has been used to attack 36 global enterprises spanning 15 critical industries.