SAP Patches Vital FS-QUO, NetWeaver Vulnerabilities – Cyber Tech
Enterprise safety agency SAP on Tuesday introduced the discharge of 15 new safety notes as a part of its March 2026 Safety Patch Day.
A very powerful of those notes resolves critical-severity vulnerabilities in Citation Administration Insurance coverage (FS-QUO) and NetWeaver Enterprise Portal Administration.
SAP describes the FS-QUO bug, tracked as CVE-2019-17571 (CVSS rating of 9.8), as a code injection concern.
Initially disclosed in December 2019, it’s a deserialization of untrusted information defect in Apache Log4j that would enable distant attackers to execute arbitrary code beneath sure circumstances.
The second critical-severity bug, tracked as CVE-2026-27685 (CVSS rating of 9.1), is one other deserialization of untrusted information concern.
It may enable attackers to add untrusted information that, when deserialized, may result in code execution, denial-of-service (DoS) circumstances, or privilege escalation.
The third safety notice launched on SAP’s March 2026 Safety Patch Day resolves CVE-2026-27689 (CVSS rating of seven.7), a high-severity DoS bug in Provide Chain Administration.
The problem permits an attacker to repeatedly name an unspecified operate with an especially giant loop management parameter, finally exhausting system sources by means of steady execution.
SAP’s remaining new safety notes resolve medium-severity points in NetWeaver, Enterprise One, Enterprise Warehouse, S/4HANA, Buyer Checkout 2.0, GUI for Home windows, and Answer Instruments Plug-In.
The resolved safety defects embody server-side request forgery (SSRF), lacking authorization examine, SQL injection, XSS, insecure storage safety, DLL hijacking, and DoS flaws.
SAP makes no point out of any of those vulnerabilities being exploited within the wild, however customers ought to replace their deployments as quickly as attainable.
Associated: SAP Patches Vital CRM, S/4HANA, NetWeaver Vulnerabilities
Associated: SAP’s January 2026 Safety Updates Patch Vital Vulnerabilities
Associated: Cisco Patches Vital Vulnerabilities in Enterprise Networking Merchandise
Associated: Android Replace Patches Exploited Qualcomm Zero-Day
What Erie Insurance coverage does to develop transformational expertise – Cyber Tech
What’s a Transport Administration System (TMS)? – Cyber Tech
「ブーメラン」CIO:ITリーダーは戻ってくることでレベルアップする – Cyber Tech
About The Author
admin
Azeem Rajpoot, the author behind This Blog, is a passionate tech enthusiast with a keen interest in exploring and sharing insights about the rapidly evolving world of technology. With a background in Blogging, Azeem Rajpoot brings a unique perspective to the blog, offering in-depth analyses, reviews, and thought-provoking articles. Committed to making technology accessible to all, Azeem strives to deliver content that not only keeps readers informed about the latest trends but also sparks curiosity and discussions. Follow Azeem on this exciting tech journey to stay updated and inspired.
