SAP Knowledge Base Article - Preview

3744579 - Axios NPM package supply chain

Symptom

  • A security alert was issued regarding malicious versions of the Axios npm package published on March 31, 2026.
  • The compromised versions (axios@1.14.1 and axios@0.30.4) included a dependency (plain-crypto-js) that contained a remote access trojan (RAT).
  • Node.js projects that automatically pulled these versions may be at risk.
  • Customers requested confirmation on whether environments (including ias, learning, bizx, and jam) are affected and whether any patching is required.
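A check for the condition described above, as an added example that is not part of the SAP article: it scans a parsed package-lock.json for the two axios versions and the plain-crypto-js dependency named in the symptom list. The function names and the sample lockfile are constructed for illustration; both lockfile layouts (the nested v1 "dependencies" tree and the flat v2/v3 "packages" map) are handled.

```javascript
// Added example: flag the package versions named in this article in a parsed package-lock.json.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]); // axios versions named in the article
const BAD_DEP = "plain-crypto-js";               // dependency named in the article

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

function check(name, version, where, findings) {
  if (name === "axios" && BAD_AXIOS.has(version)) {
    findings.push({ name, version, where, reason: "compromised axios version" });
  } else if (name === BAD_DEP) {
    findings.push({ name, version, where, reason: "malicious dependency present" });
  }
}

// Lockfile v1: dependencies are nested under each parent's "dependencies" key.
function walkV1(deps, trail, findings) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = trail.concat(name);
    check(name, info.version, path.join(" > "), findings);
    walkV1(info.dependencies, path, findings);
  }
}

function scanLockfile(lock) {
  const findings = [];
  for (const [key, info] of Object.entries(lock.packages || {})) {
    if (key !== "") check(nameFromPath(key), info.version, key, findings); // "" is the root project
  }
  // v2 lockfiles carry both layouts; walk the v1 tree only when "packages" is absent.
  if (!lock.packages) walkV1(lock.dependencies, [], findings);
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
    "node_modules/sdk/node_modules/axios": { version: "1.13.0" },
  },
};
console.log(scanLockfile(sampleLock));
```

To check a real project, pass the result of JSON.parse on the contents of its package-lock.json to scanLockfile; an empty array means none of the named packages were resolved in that lockfile.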



Environment

SAP SuccessFactors Learning

Product

SAP SuccessFactors Learning all versions

Keywords

axios, npm, supply chain attack, plain-crypto-js, remote access trojan, RAT, axios 1.14.1, axios 0.30.4, node.js, impact assessment, successfactors learning, ias, bizx, jam, vulnerability monitoring, SAP solutions, SAP IAS, Learning, BizX and JAM solutions, KBA, LOD-SF-LMS-ADM, System Admin, Global Variables, References, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).