We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

Yikes, there is work to do!
This time we found critical correction advisories. We count 22 and the highest CVSS score is 9.8.

Severity
SAP© Security advisories 22
System Types
Affected SAP© system types

3698553
CVSS
9.8

Affected system type Java
Patchday 2026-03
Released on 2026/03/10
Description 3698553 - [CVE-2019-17571] Code Injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)
3714585
CVSS
9.1

Affected system type Java
Patchday 2026-03
Released on 2026/03/10
Description 3714585 - [CVE-2026-27685] Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration
3697567
CVSS
8.8

Affected system type ABAP
Patchday 2026-03
Released on 2026/02/10
Description 3697567 - [CVE-2026-23687] XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform
3719502
CVSS
7.7

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3719502 - [CVE-2026-27689] Denial of service (DOS) in SAP Supply Chain Management
3678282
CVSS
7.5

Affected system type BI/BO platform
Patchday 2026-03
Released on 2026/02/10
Description [CVE-2026-0485] Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform
3695912
CVSS
6.5

Affected system type BI/BO platform
Patchday 2026-03
Released on 2026/02/10
Description 3695912 - [CVE-2026-24324] Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools)
3672622
CVSS
6.5

Affected system type ABAP
Patchday 2026-03
Released on 2026/02/10
Description 3672622 - [CVE-2026-0484] Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA
3689080
CVSS
6.4

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3689080 - [CVE-2026-24316] Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP
3703856
CVSS
6.4

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3703856 - [CVE-2026-24309] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3697355
CVSS
6.4

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3697355 - [CVE-2026-27684] SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification)
3693543
CVSS
6.1

Affected system type SAP Business One
Patchday 2026-03
Released on 2026/03/10
Description 3693543 - [CVE-2026-0489] DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service)
3703385
CVSS
5.9

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3703385 - [CVE-2026-27686] Missing Authorization check in SAP Business Warehouse (Service API)
3701020
CVSS
5.8

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3701020 - [CVE-2026-27687] Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
3708457
CVSS
5.6

Affected system type SAP Customer Checkout
Patchday 2026-03
Released on 2026/03/10
Description 3708457 - [CVE-2026-24311] Insecure Storage Protection vulnerability in SAP Customer Checkout 2.0
3707930
CVSS
5.0

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3707930 - [CVE-2026-24313] Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
3704740
CVSS
5.0

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3704740 - [CVE-2026-27688] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3699761
CVSS
5.0

Affected system type SAP GUI / Frontend
Patchday 2026-03
Released on 2026/03/10
Description 3699761 - [CVE-2026-24317] DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT
3396109
CVSS
4.7

Affected system type ABAP
Patchday 2026-03
Released on 2024/02/13
Description 3396109 - [CVE-2024-22128] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML
3700960
CVSS
4.3

Affected system type Java
Patchday 2026-03
Released on 2026/03/10
Description 3700960 - [Multiple CVEs] Denial of Service due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Services)
3646297
CVSS
4.3

Affected system type ABAP
Patchday 2026-03
Released on 2026/02/24
Description 3646297 - [CVE-2026-24314] Information Disclosure vulnerability in SAP S/4HANA (Manage Payment Media)
3694383
CVSS
3.5

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description 3694383 - [CVE-2026-24310] Missing Authorization check in SAP NetWeaver Application Server for ABAP
3665042
CVSS
3.1

Affected system type ABAP
Patchday 2026-03
Released on 2026/03/10
Description CSS Injection vulnerability in SAP NetWeaver Application Server ABAP