Serial number: AV26-209
Date: March 10, 2026
On March 10, 2026, SAP published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:
- SAP NetWeaver Enterprise Portal Administration – version EP-RUNTIME 7.50
- SAP Quotation Management Insurance Application (FS-QUO) – version FS-QUO 800
- SAP Supply Chain Management – multiple versions
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations, and apply the necessary updates.
- [CVE-2019-17571] Code Injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)
- [CVE-2026-27685] Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration
- [CVE-2026-27689] Denial of service (DOS) in SAP Supply Chain Management
- SAP Security Patch Day - March 2026