SAP security patch release for CVE-2019-17571
Security Patch Release
Summary
Hide ▲
Show ▼
SAP released security updates for two critical flaws in FS-QUO and NetWeaver Enterprise Portal Administration, reducing the risk of arbitrary code execution on affected systems. The patched issues are CVE-2019-17571 and CVE-2026-27685, rated 9.8 and 9.1 respectively. One flaw is a code injection issue tied to an outdated Apache Log4j 1.2.17 artifact, while the other is an insecure deserialization weakness in uploaded content handling. Both bugs were severe enough to warrant immediate vendor fixes for affected SAP deployments.
Related Happenings
Splunk Enterprise security update for CVE-2026-20253
Security Patch Release
H score52
First: 13.06.2026 16:23
Last: 13.06.2026 16:23
Sources 1
About this happening:
**Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Splunk Enterprise security update for CVE-2026-20253
Security Patch ReleaseAbout this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch Release
H score24
First: 09.06.2026 22:36
Last: 09.06.2026 22:36
Sources 1
About this happening:
**SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch ReleaseAbout this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
Nginx security patch release for CVE-2026-49975
Security Patch Release
H score42
First: 03.06.2026 22:08
Last: 03.06.2026 22:08
Sources 1
About this happening:
Vendors released fixes for the **HTTP/2 Bomb** DoS issue, closing a path that could let a **single client** exhaust server memory within seconds. The patch set covers **nginx 1.29...
Nginx security patch release for CVE-2026-49975
Security Patch ReleaseAbout this happening: Vendors released fixes for the **HTTP/2 Bomb** DoS issue, closing a path that could let a **single client** exhaust server memory within seconds. The patch set covers **nginx 1.29...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)
Security Patch Release
H score38
First: 12.05.2026 14:04
Last: 12.05.2026 14:04
Sources 1
About this happening:
**SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...
SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)
Security Patch ReleaseAbout this happening: **SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...
Timeline
-
11.03.2026 14:26 2 articles · 4mo ago
SAP releases security updates for two critical flaws
Initial DisclosureSAP released security updates for SAP Quotation Management Insurance application (FS-QUO) and SAP NetWeaver Enterprise Portal Administration to address CVE-2019-17571 and CVE-2026-27685, two critical vulnerabilities that could enable arbitrary code execution on affected systems. One flaw is a code injection issue tied to an outdated Apache Log4j 1.2.17 artifact with CVSS 9.8, and the other is an insecure deserialization weakness involving uploaded content with CVSS 9.1.
Show sources
- Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices — thehackernews.com — 11.03.2026 14:26
- Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices — thehackernews.com — 11.03.2026 14:26