SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
Summary
SAP has released security patches for multiple vulnerabilities in its NetWeaver Application Server ABAP, including a critical flaw identified as CVE-2026-44747. This vulnerability, with a CVSS score of 9.9, is an out-of-bounds write that could allow an authenticated attacker to cause memory corruption, potentially exposing or modifying data.
IFF Assessment
This is bad news for defenders as a critical vulnerability with a high CVSS score has been disclosed in a widely used SAP product, potentially allowing data exposure or modification.
Severity
The CVSS score of 9.9 indicates a critical vulnerability due to its potential impact on confidentiality and integrity, coupled with an attack vector that requires authentication, implying a significant risk for systems that are not patched.
Defender Context
Organizations using SAP NetWeaver ABAP should prioritize patching this critical vulnerability immediately to prevent potential data breaches or integrity compromises. Defenders should be aware of the potential for authenticated attackers to exploit this flaw and ensure proper access controls and monitoring are in place.