SAP Urges Immediate Patch for Critical Security Flaws

SAP Urges Immediate Patch for Critical Security Flaws

Posted on By CWS

SAP has released a crucial security update as part of its March 2026 Patch Day, introducing 15 new security notes to address vulnerabilities across its product suite. Among these, two critical vulnerabilities stand out, posing a risk of remote code execution and potential system compromise.

Critical Vulnerabilities Identified

This month’s update highlights two critical security issues. The first, tagged as CVE-2019-17571, affects the SAP Quotation Management Insurance application. With a CVSS score of 9.8, this flaw originates from an outdated Apache Log4j component, allowing unauthenticated remote attackers to execute arbitrary code on affected systems. Notably, this is the first patch specifically targeting FS-QUO 800 despite the CVE’s existence since 2019.

The second critical issue, CVE-2026-27685, impacts SAP NetWeaver Enterprise Portal Administration. Rated 9.1 on the CVSS scale, this vulnerability arises from insecure deserialization, enabling a privileged user to upload malicious content, potentially compromising the entire system.

High and Medium Severity Flaws

In addition to the critical vulnerabilities, SAP’s patch addresses a high-severity denial-of-service vulnerability, CVE-2026-27689, in its Supply Chain Management software. This flaw could disrupt system availability and requires immediate attention.

Several medium-severity vulnerabilities are also patched, including a server-side request forgery in SAP NetWeaver Application Server for ABAP, and missing authorization checks across various SAP products. These vulnerabilities could allow unauthorized actions or data access, posing significant risks if left unpatched.

Lower Severity Issues and Recommendations

Lower severity patches include fixes for insecure storage in SAP Customer Checkout and DLL hijacking in SAP GUI for Windows. While these are less critical, they still warrant attention to ensure comprehensive security.

SAP emphasizes the importance of applying the two critical patches immediately, particularly for organizations utilizing SAP NetWeaver, Supply Chain Management, or Business One. Regular patch management aligned with SAP’s monthly updates is essential for maintaining system security.

For further cybersecurity updates and recommendations, follow us on Google News, LinkedIn, and X. Contact us to share your stories and insights.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Cloudflare Outage Causes Major Global Disruptions Cloudflare Outage Causes Major Global Disruptions Cyber Security News
New EndClient RAT Attacking Users by Leveraging Stolen Code-Signing to Bypass AV Detections New EndClient RAT Attacking Users by Leveraging Stolen Code-Signing to Bypass AV Detections Cyber Security News
Threat Actors May Abuse VS Code Extensions to Deploy Ransomware and Use GitHub as C2 Server Threat Actors May Abuse VS Code Extensions to Deploy Ransomware and Use GitHub as C2 Server Cyber Security News
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data Cyber Security News
SonicWall SSLVPN Under Attack Following the Breach of All Customers’ Firewall Backups SonicWall SSLVPN Under Attack Following the Breach of All Customers’ Firewall Backups Cyber Security News
Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges Cyber Security News