SAP Urges Immediate Patch for Critical Security Flaws

SAP Urges Immediate Patch for Critical Security Flaws

Posted on By CWS

SAP has released a crucial security update as part of its March 2026 Patch Day, introducing 15 new security notes to address vulnerabilities across its product suite. Among these, two critical vulnerabilities stand out, posing a risk of remote code execution and potential system compromise.

Critical Vulnerabilities Identified

This month’s update highlights two critical security issues. The first, tagged as CVE-2019-17571, affects the SAP Quotation Management Insurance application. With a CVSS score of 9.8, this flaw originates from an outdated Apache Log4j component, allowing unauthenticated remote attackers to execute arbitrary code on affected systems. Notably, this is the first patch specifically targeting FS-QUO 800 despite the CVE’s existence since 2019.

The second critical issue, CVE-2026-27685, impacts SAP NetWeaver Enterprise Portal Administration. Rated 9.1 on the CVSS scale, this vulnerability arises from insecure deserialization, enabling a privileged user to upload malicious content, potentially compromising the entire system.

High and Medium Severity Flaws

In addition to the critical vulnerabilities, SAP’s patch addresses a high-severity denial-of-service vulnerability, CVE-2026-27689, in its Supply Chain Management software. This flaw could disrupt system availability and requires immediate attention.

Several medium-severity vulnerabilities are also patched, including a server-side request forgery in SAP NetWeaver Application Server for ABAP, and missing authorization checks across various SAP products. These vulnerabilities could allow unauthorized actions or data access, posing significant risks if left unpatched.

Lower Severity Issues and Recommendations

Lower severity patches include fixes for insecure storage in SAP Customer Checkout and DLL hijacking in SAP GUI for Windows. While these are less critical, they still warrant attention to ensure comprehensive security.

SAP emphasizes the importance of applying the two critical patches immediately, particularly for organizations utilizing SAP NetWeaver, Supply Chain Management, or Business One. Regular patch management aligned with SAP’s monthly updates is essential for maintaining system security.

For further cybersecurity updates and recommendations, follow us on Google News, LinkedIn, and X. Contact us to share your stories and insights.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Critical Docker Flaw Allows Unauthorized Host Access Critical Docker Flaw Allows Unauthorized Host Access Cyber Security News
Threat Actors Using ViperSoftX Malware to Exfiltrate Sensitive Details Threat Actors Using ViperSoftX Malware to Exfiltrate Sensitive Details Cyber Security News
Hacking Groups Exploit OpenClaw to Deploy Malware Hacking Groups Exploit OpenClaw to Deploy Malware Cyber Security News
Microsoft Defender for Office 365 to Block Email Bombing Attacks Microsoft Defender for Office 365 to Block Email Bombing Attacks Cyber Security News
Critical SAP S/4HANA Vulnerability Actively Exploited to Fully Compromise Your SAP System Critical SAP S/4HANA Vulnerability Actively Exploited to Fully Compromise Your SAP System Cyber Security News
Fire Ant Hackers Exploiting Vulnerabilities in VMware ESXi and vCenter Fire Ant Hackers Exploiting Vulnerabilities in VMware ESXi and vCenter Cyber Security News