SAP has launched safety updates to deal with two crucial safety flaws that might be exploited to realize arbitrary code execution on affected programs.
The vulnerabilities in query listed under –
- CVE-2019-17571 (CVSS rating: 9.8) – A code injection vulnerability in SAP Citation Administration Insurance coverage software (FS-QUO)
- CVE-2026-27685 (CVSS rating: 9.1) – An insecure deserialization vulnerability in SAP NetWeaver Enterprise Portal Administration
“The applying makes use of an outdated artifact of Apache Log4j 1.2.17 that’s susceptible to CVE-2019-17571,” SAP safety firm Onapsis mentioned. “It permits an unprivileged attacker to execute arbitrary code remotely on the server, inflicting excessive impression on confidentiality, integrity, and availability of the applying.”
CVE-2026-27685, alternatively, stems from lacking or inadequate validation through the deserialization of uploaded content material, which might permit an attacker to add untrusted or malicious content material.
“Solely the truth that an attacker requires excessive privileges for a profitable exploit prevents the vulnerability from being tagged with a CVSS rating of 10,” Onapsis added.
The disclosure comes as Microsoft shipped patches for 84 vulnerabilities throughout merchandise, together with dozens of privilege escalation and distant code execution flaws.
On Tuesday, Adobe additionally introduced patches for 80 vulnerabilities, 4 of that are crucial flaws impacting Adobe Commerce and Magento Open Supply that would lead to privilege escalation and safety function bypass. Individually, it fastened 5 crucial vulnerabilities in Adobe Illustrator that would pave the way in which for arbitrary code execution.
Elsewhere, Hewlett Packard Enterprise put out fixes for 5 shortcomings in Aruba Networking AOS-CX. Probably the most extreme of the issues is CVE-2026-23813 (CVSS rating: 9.8), an authentication bypass affecting the administration interface.
“A vulnerability has been recognized within the web-based administration interface of AOS-CX switches that would probably permit an unauthenticated distant actor to bypass present authentication controls,” HPE mentioned. “In some circumstances, this might allow resetting the admin password.”
“Exploitation of this Aruba vulnerability probably offers attackers full management of AOS-CX community units and the flexibility to compromise a whole system undetected,” Ross Filipek, CISO at Corsica Applied sciences, mentioned in an announcement.
“A profitable compromise might result in the disruption of community communications or the erosion of the integrity of key enterprise companies. This flaw is a reminder that vulnerabilities in community units have gotten extra frequent in right now’s hyper-connected world. When attackers acquire privileged entry to those units, it places organizations at vital danger.”
Software program Patches from Different Distributors
Safety updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with —
- ABB
- Amazon Internet Companies
- AMD
- Arm
- Atlassian
- Bosch
- Broadcom (together with VMware)
- Canon
- Cisco
- Commvault
- Dassault Systèmes
- Dell
- Devolutions
- Drupal
- Elastic
- F5
- Fortinet
- Fortra
- Foxit Software program
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Google Pixel Watch
- Google Put on OS
- Grafana
- Hitachi Vitality
- Honeywell
- HP
- HP Enterprise (together with Aruba Networking and Juniper Networks)
- IBM
- Intel
- Ivanti
- Jenkins
- Lenovo
- Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Pink Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electrical
- Moxa
- Mozilla Firefox, Firefox ESR, and Thunderbird
- n8n
- NVIDIA
- Palo Alto Networks
- QNAP
- Qualcomm
- Ricoh
- Samsung
- Schneider Electrical
- ServiceNow
- Siemens
- SolarWinds
- Splunk
- Synology
- TP-Hyperlink
- Development Micro
- WatchGuard
- Western Digital
- Zoom, and
- Zyxel
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a world community of future-focused thinkers.
Unlock tomorrow’s traits right now: learn extra, subscribe to our e-newsletter, and develop into a part of the NextTech group at NextTech-news.com
