SAP Releases Security Updates for Critical Vulnerabilities

SAP released security updates to address two critical vulnerabilities that could enable arbitrary code execution on affected systems. The first flaw, CVE-2019-17571 with a CVSS score of 9.8, is a code injection vulnerability in the SAP Quotation Management Insurance application (FS-QUO). The second, CVE-2026-27685 with a CVSS score of 9.1, involves insecure deserialization. Both vulnerabilities were disclosed as part of the vendor’s patching efforts, though no specific date for the updates was provided. The affected software is enterprise-focused, targeting SAP’s insurance management solutions.