Ethical Hacking News
SAP has issued critical security updates to address multiple vulnerabilities in its NetWeaver Application Server ABAP, including a CVSS score of 9.9 that could expose or modify sensitive data. The company recommends installing the patching ABAP Kernel version as soon as possible to ensure optimal protection.
SAP has released security updates to address multiple vulnerabilities in its NetWeaver Application Server ABAP, including CVE-2026-44747. The vulnerability is an out-of-bounds write flaw that allows authenticated attackers to modify sensitive data. Customers can mitigate the risk by removing or replacing the affected sample OAuth 2.0 client with a strong value. SAP has also addressed two other critical vulnerabilities, CVE-2026-27690 and CVE-2026-44761. The first vulnerability is an HTTP request/response smuggling flaw in SAP Approuter deployments. The second vulnerability is a use of default credentials flaw in SAP Commerce Cloud. SAP recommends installing the patching ABAP Kernel version to ensure optimal protection.
SAP has recently released security updates to address multiple vulnerabilities in its NetWeaver Application Server ABAP, including a critical flaw with a CVSS score of 9.9 that could expose or modify sensitive data. The vulnerability, identified as CVE-2026-44747, is an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability.
The vulnerability was discovered through a review of sample configuration scripts provided by SAP in its Help Portal documentation. These scripts, originally intended for development and testing purposes, configure OAuth 2.0 clients with hard-coded, well-known credentials. If left unchanged, an unauthenticated attacker could use these default credentials to obtain a valid access token and invoke certain APIs to read and modify data.
According to Onapsis, the SAP security firm responsible for identifying and mitigating this vulnerability, older versions of the documentation did not explicitly warn customers against importing these default settings into production. As a result, customers who executed the sample script and retained the resulting OAuth 2.0 client in production without replacing the hard-coded secret were at risk.
The good news is that customers are advised to remove or replace the affected sample OAuth 2.0 client with a strong, unique value. In addition to CVE-2026-44747, SAP has also addressed two other critical vulnerabilities, identified as CVE-2026-27690 and CVE-2026-44761. The first of these vulnerabilities is an HTTP request/response smuggling flaw in SAP Approuter deployments in non-cloud environments that allows an unauthenticated attacker to send a specially crafted HTTP request that leads to request-response desynchronization and results in the exposure of user responses and triggers denial-of-service (DoS) attacks.
The second vulnerability, CVE-2026-44761, is a use of default credentials flaw in SAP Commerce Cloud that could retain a sample OAuth 2.0 client with publicly documented sample credentials originating from a sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data.
In response to these vulnerabilities, SAP has recommended that customers disable all ICF nodes with a specific property in transaction SICF as a temporary workaround. However, this measure may not be feasible for all customers, and the company strongly advises installing the patching ABAP Kernel version to ensure optimal protection.
While there is currently no evidence of the flaws being exploited in the wild, it is essential that customers apply the necessary updates as soon as possible to minimize their exposure to these vulnerabilities. The incident highlights the importance of regular security audits and testing to identify potential weaknesses in systems before they can be exploited by malicious actors.
In addition to SAP's efforts to address these vulnerabilities, cybersecurity experts are emphasizing the need for organizations to adopt robust security measures to protect themselves against AI-powered attacks that are increasingly becoming a threat in today's digital landscape. By staying informed about emerging threats and implementing effective countermeasures, organizations can reduce their risk of falling victim to sophisticated cyber-attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/SAP-Addresses-Critical-Vulnerabilities-in-NetWeaver-ABAP-Affecting-Data-Exposure-and-Modification-ehn.shtml
https://thehackernews.com/2026/07/sap-patches-cvss-99-netweaver-abap-flaw.html
https://nvd.nist.gov/vuln/detail/CVE-2026-44747
https://www.cvedetails.com/cve/CVE-2026-44747/
https://nvd.nist.gov/vuln/detail/CVE-2026-27690
https://www.cvedetails.com/cve/CVE-2026-27690/
https://nvd.nist.gov/vuln/detail/CVE-2026-44761
https://www.cvedetails.com/cve/CVE-2026-44761/
Published: Wed Jul 15 03:01:03 2026 by llama3.2 3B Q4_K_M