Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
SAP Addresses Major Security Flaws in NetWeaver and More

SAP Addresses Major Security Flaws in NetWeaver and More

Posted on July 14, 2026 By CWS

This week, SAP, a leading enterprise software provider, announced the release of several critical security patches as part of its regular July 2026 update cycle. Notably, 19 new and revised security advisories were issued, aiming to address significant vulnerabilities within its systems.

Key Vulnerabilities in NetWeaver

The most pressing of these vulnerabilities is identified as CVE-2026-44747, which impacts the NetWeaver Application Server ABAP. With a CVSS score of 9.9, this memory corruption issue poses significant risks, potentially allowing unauthorized data access and manipulation as well as system downtime. Experts from SAP’s security partner, Onapsis, stress the importance of implementing these patches promptly. For those unable to apply the updates immediately, a temporary fix involves disabling specific ICF nodes via transaction SICF.

Critical Flaws in Approuter and Commerce Cloud

Another noteworthy vulnerability, CVE-2026-27690, affects SAP Approuter in environments outside of Cloud Foundry. This HTTP request smuggling flaw, with a CVSS rating of 9.1, could enable attackers to desynchronize request-response cycles through crafted HTTP requests, potentially leading to unauthorized access. Similarly, SAP’s Commerce Cloud faced a critical issue, CVE-2026-44761, involving hardcoded credentials in OAuth2 client configurations. This could result in unauthorized data access if the sample scripts are executed without modification.

The vulnerability in Commerce Cloud highlights the risk of using sample scripts with default settings in production environments. While SAP’s updated documentation now warns against this practice, it is advised that organizations review their environments to ensure compliance and security.

Additional Security Measures and Updates

In addition to these critical vulnerabilities, SAP updated a previous note concerning a NetWeaver issue initially addressed in June, extending support to additional packages. Furthermore, six security advisories were released focusing on high-severity defects across various SAP products, including Integration Suite and SAProuter. These updates also encompass patches for vulnerabilities in Apache Camel and Apache Tomcat, used within some SAP solutions.

The remaining notes cover medium- and low-severity issues affecting several SAP platforms, such as S/4HANA, Fiori, CRM, and HANA Extended Application Services Classic Model. These updates are essential for maintaining robust security and protecting enterprise systems from potential threats.

As cyber threats continue to evolve, it is crucial for SAP users to stay informed and proactive in applying these updates to safeguard their systems.

Security Week News Tags:Approuter, Commerce Cloud, CVE-2026-27690, CVE-2026-44747, CVE-2026-44761, Cybersecurity, enterprise software, NetWeaver, Onapsis, patch management, SAP, security updates, system security, vulnerability management

Post navigation

Previous Post: Canadian Cybersecurity Leaders Shine at Web Summit Vancouver
Next Post: UK Issues Alert on Russian Cyber Threats to Networks

Related Posts

Widespread Keenadu Malware Threatening Android Devices Widespread Keenadu Malware Threatening Android Devices Security Week News
Enhancing Security with Build Application Firewalls Enhancing Security with Build Application Firewalls Security Week News
Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People Security Week News
High-Severity Vulnerabilities Patched in Chrome, Firefox High-Severity Vulnerabilities Patched in Chrome, Firefox Security Week News
Ransomware Targets Autovista’s Global Operations Ransomware Targets Autovista’s Global Operations Security Week News
CSA Unveils SaaS Security Controls Framework to Ease Complexity CSA Unveils SaaS Security Controls Framework to Ease Complexity Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure
  • UK Issues Alert on Russian Cyber Threats to Networks
  • SAP Addresses Major Security Flaws in NetWeaver and More
  • Canadian Cybersecurity Leaders Shine at Web Summit Vancouver

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure
  • UK Issues Alert on Russian Cyber Threats to Networks
  • SAP Addresses Major Security Flaws in NetWeaver and More
  • Canadian Cybersecurity Leaders Shine at Web Summit Vancouver

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark