Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices Ravie LakshmananMar 11, 2026Vulnerability / Enterprise Security SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization vulnerability in SAP NetWeaver Enterprise Portal Administration "The application uses an outdated artifact of Apache Log4j 1.2.17 that is vulnerable to CVE-2019-17571," SAP security company Onapsis said. "It allows an unprivileged attacker to execute arbitrary code remotely on the server, causing high impact on confidentiality, integrity, and availability of the application." CVE-2026-27685, on the other hand, stems from missing or insufficient validation during the deserialization of uploaded content, which could allow an attacker to upload untrusted or malicious content. "Only the fact that an attacker requires high privileges for a successful exploit prevents the vulnerability from being tagged with a CVSS score of 10," Onapsis added. The disclosure comes as Microsoft shipped patches for 84 vulnerabilities across products, including dozens of privilege escalation and remote code execution flaws. On Tuesday, Adobe also announced patches for 80 vulnerabilities, four of which are critical flaws impacting Adobe Commerce and Magento Open Source that could result in privilege escalation and security feature bypass. Separately, it fixed five critical vulnerabilities in Adobe Illustrator that could pave the way for arbitrary code execution. Elsewhere, Hewlett Packard Enterprise put out fixes for five shortcomings in Aruba Networking AOS-CX. The most severe of the flaws is CVE-2026-23813 (CVSS score: 9.8), an authentication bypass affecting the management interface. "A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls," HPE said. "In some cases, this could enable resetting the admin password." "Exploitation of this Aruba vulnerability potentially gives attackers full control of AOS-CX network devices and the ability to compromise an entire system undetected," Ross Filipek, CISO at Corsica Technologies, said in a statement. "A successful compromise could lead to the disruption of network communications or the erosion of the integrity of key business services. This flaw is a reminder that vulnerabilities in network devices are becoming more common in today's hyper-connected world. When attackers gain privileged access to these devices, it puts organizations at significant risk." Software Patches from Other Vendors Security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including — ABB Amazon Web Services AMD Arm Atlassian Bosch Broadcom (including VMware) Canon Cisco Commvault Dassault Systèmes Dell Devolutions Drupal Elastic F5 Fortinet Fortra Foxit Software GitLab Google Android and Pixel Google Chrome Google Cloud Google Pixel Watch Google Wear OS Grafana Hitachi Energy Honeywell HP HP Enterprise (including Aruba Networking and Juniper Networks) IBM Intel Ivanti Jenkins Lenovo Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu MediaTek Mitsubishi Electric Moxa Mozilla Firefox, Firefox ESR, and Thunderbird n8n NVIDIA Palo Alto Networks QNAP Qualcomm Ricoh Samsung Schneider Electric ServiceNow Siemens SolarWinds Splunk Synology TP-Link Trend Micro WatchGuard Western Digital Zoom, and Zyxel Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Authentication bypass, cybersecurity, enterprise security, Log4j, network security, remote code execution, SAP, Vulnerability Trending News OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 Load More ▼ Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps Identity Controls Checklist: Find Missing Protections in Apps Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026