90% of 1,000,000 SAP production systems could be hacked by threat actors using publicly released critical exploits targeting misconfigured SAP installations and dubbed 10KBLAZE. The exploits can be leveraged to abuse a critical configuration issue in SAP NetWeaver installations (including S4/HANA) that, if not corrected as recommended by SAP, could lead to a full system compromise by attackers, without even requiring a valid SAP user ID and password. The only requirement to exploit the security flaws is for the potential attackers to have network access to the vulnerable SAP systems.
Source: https://www.bleepingcomputer.com/news/security/public-10kblaze-exploits-may-impact-90-percent-of-sap-production-systems/