At least 36 global enterprises still vulnerable to a significant bug patched more than five years ago. The bug allows hackers to remotely gain full administrative access to SAP systems and affects at least 18 of the company’s software systems. SAP said the Invoker Servlet was disabled in NetWeaver 7.20, so all SAP applications released since 2010 have been free of this vulnerability. The company’s work covered a number of industries including oil and gas, telecommunications, utilities, retail, automotive, and steel manufacturing.”]