SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

Summary

SAP has released security patches for multiple vulnerabilities in its NetWeaver Application Server ABAP, including a critical flaw identified as CVE-2026-44747. This vulnerability, with a CVSS score of 9.9, is an out-of-bounds write that could allow an authenticated attacker to cause memory corruption, potentially exposing or modifying data.

IFF Assessment

FOE

This is bad news for defenders as a critical vulnerability with a high CVSS score has been disclosed in a widely used SAP product, potentially allowing data exposure or modification.

Severity

9.9 Critical

The CVSS score of 9.9 indicates a critical vulnerability due to its potential impact on confidentiality and integrity, coupled with an attack vector that requires authentication, implying a significant risk for systems that are not patched.

Defender Context

Organizations using SAP NetWeaver ABAP should prioritize patching this critical vulnerability immediately to prevent potential data breaches or integrity compromises. Defenders should be aware of the potential for authenticated attackers to exploit this flaw and ensure proper access controls and monitoring are in place.

Read Full Story →