Security Updates Address Critical Vulnerabilities in Enterprise Software and Network Devices
SAP has released security patches for two critical vulnerabilities CVE-2019-17571 and CVE-2026-27685 that could allow remote code execution, exposing enterprise systems to cyberattacks and data breaches if the vulnerabilities remain unpatched.
Tech Author
SAP has issued new security upgrades to address two critical vulnerabilities that might allow hackers to gain control of impacted systems. Cybersecurity experts warn that these gaps might be exploited for remote code execution, allowing attackers to run malicious applications on susceptible systems.
The first vulnerability is tracked as CVE-2019-17571 (CVSS score: 9.8) and affects the SAP Quotation Management Insurance application (FS-QUO). Security researchers say this issue is related to an outdated version of Apache Log4j 1.2.17, a widely used logging tool. Because of this weakness, attackers may be able to inject malicious code into the system. If exploited successfully, hackers could gain remote access and potentially compromise important business data.
The second vulnerability, CVE-2026-27685 (CVSS score: 9.1), affects SAP NetWeaver Enterprise Portal Administration. This issue occurs due to improper validation during a process known as data deserialization. In simple terms, the system does not properly check uploaded content. As a result, attackers could upload malicious files that may allow them to execute harmful code on the server.
According to cybersecurity firm Onapsis, exploiting the second vulnerability requires higher user privileges. However, if attackers get these advantages, the consequences could be severe. The weaknesses could compromise the confidentiality, integrity, and availability of corporate systems that rely on SAP software.
The distribution of these security patches comes with a busy period for cybersecurity updates across the IT industry. Microsoft recently released solutions for 84 vulnerabilities in its products, including numerous significant security concerns involving remote code execution and privilege escalation.
At the same time, Adobe patched 80 vulnerabilities in its products. Some of these major issues affect Adobe Commerce, Magento Open Source, and Adobe Illustrator, potentially allowing attackers to run malicious code or bypass security measures.
Meanwhile, Hewlett Packard Enterprise (HPE) provided updates for security issues in Aruba Networking AOS-CX switches. One of these flaws could enable hackers to bypass authentication and possibly reset administrator passwords. If exploited, attackers could obtain complete control of network devices, disrupting essential business operations.
Cybersecurity experts believe these upgrades illustrate the growing number of security flaws in workplace software and network equipment. Organizations ought to put the most recent security patches as promptly as possible to secure their systems against future threats.
Information referenced in this article is from The Hackers News
