Ivanti, Fortinet and SAP Critical Patches

Ivanti, Fortinet and SAP released fixes for multiple critical vulnerabilities affecting enterprise products. Fortinet patched a FortiSandbox command injection flaw. Ivanti fixed two critical Ivanti Sentry issues, including unauthenticated root-level remote code execution and authentication bypass allowing arbitrary admin account creation. SAP also addressed critical flaws across NetWeaver, ABAP Platform, Commerce Cloud and Data Hub, including SAML XML signature wrapping, memory corruption and directory traversal. No active exploitation was reported, but the severity makes urgent patching advisable.

It has been one of those weeks where security teams open their vulnerability dashboards and immediately consider a career in gardening.
Ivanti, Fortinet and SAP have all released patches for critical vulnerabilities affecting widely used enterprise platforms. The issues matter because these products tend to sit close to sensitive systems, authentication flows or administrative infrastructure, so a single flaw in one of them can hand an attacker privileged access rather than just a foothold.

Fortinet fixed a command injection vulnerability in FortiSandbox that could allow unauthenticated attackers to run unauthorised commands using crafted HTTP requests. Ivanti also released urgent updates for Ivanti Sentry, including one flaw rated CVSS 10.0 that could allow unauthenticated remote code execution as root. Another Ivanti issue could allow an attacker to bypass authentication and create administrative accounts.

SAP’s patch list was also far from relaxing bedtime reading. Critical issues affected NetWeaver, ABAP Platform, Commerce Cloud and Data Hub, including identity tampering through SAML XML signature wrapping, memory corruption and directory traversal. Signature wrapping is worth a closer look: the attacker leaves the legitimately signed assertion untouched so that signature validation still passes, but inserts a forged assertion alongside it, and the application then reads the identity from the forgery rather than from the element the signature actually covers.
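To make the signature-wrapping point concrete, here is an added example (not code from the page, SAP or any vendor) that models a SAML-style response in plain Python. Real SAML uses enveloped XMLDSig with canonicalisation; this example stands in an HMAC over the serialised element for the signature and a simplified serialisation for C14N, and the key, element names and IDs are all constructed for the demo. The vulnerable verifier checks the signature correctly and then reads the identity from the first Assertion in the document; the hardened verifier reads it only from the element the signature covers and rejects documents with more than one Assertion.

```python
import copy
import hmac
import hashlib
import xml.etree.ElementTree as ET

# Constructed demo key: stands in for the IdP's private signing key.
IDP_KEY = b"demo-idp-signing-key"


def canonicalise(elem):
    """Simplified stand-in for XML C14N: serialise the element alone, without
    any tail text, so the same element always yields the same bytes."""
    e = copy.deepcopy(elem)
    e.tail = None
    return ET.tostring(e, encoding="utf-8")


def build_signed_response(assertion_id, subject):
    """IdP side: one Assertion, signed with an HMAC over its canonical bytes
    (stand-in for XMLDSig). The Reference URI names the signed element by ID."""
    response = ET.Element("Response")
    assertion = ET.SubElement(response, "Assertion", ID=assertion_id)
    ET.SubElement(assertion, "Subject").text = subject
    sig = ET.Element("Signature")
    ET.SubElement(sig, "Reference", URI="#" + assertion_id)
    ET.SubElement(sig, "SignatureValue").text = hmac.new(
        IDP_KEY, canonicalise(assertion), hashlib.sha256).hexdigest()
    response.insert(0, sig)
    return ET.tostring(response, encoding="utf-8")


def verify_signature(root):
    """Shared step: check the HMAC over whichever element the Reference URI
    points at. Returns that element, or None if the signature does not verify.
    This step is correct on its own; the wrapping bug lives in what happens next."""
    sig = root.find("Signature")
    if sig is None:
        return None
    ref_id = sig.find("Reference").get("URI", "").lstrip("#")
    signed = next((e for e in root.iter() if e.get("ID") == ref_id), None)
    if signed is None:
        return None
    expected = hmac.new(IDP_KEY, canonicalise(signed), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig.find("SignatureValue").text or ""):
        return None
    return signed


def vulnerable_subject(xml_bytes):
    """SP side, naive: validates the signature, then reads the Subject from the
    first Assertion in the document. The check and the lookup are decoupled."""
    root = ET.fromstring(xml_bytes)
    if verify_signature(root) is None:
        raise ValueError("bad signature")
    return root.find(".//Assertion/Subject").text


def hardened_subject(xml_bytes):
    """SP side, fixed: take the identity only from the element the signature
    actually covers, and refuse documents with more than one Assertion."""
    root = ET.fromstring(xml_bytes)
    signed = verify_signature(root)
    if signed is None:
        raise ValueError("bad signature")
    if signed.tag != "Assertion" or len(root.findall(".//Assertion")) != 1:
        raise ValueError("unexpected assertion structure")
    return signed.find("Subject").text


def wrap_attack(signed_xml, forged_subject):
    """Attacker: keep the signed Assertion byte-for-byte intact (so the
    signature still verifies) and insert a forged Assertion ahead of it."""
    root = ET.fromstring(signed_xml)
    forged = ET.Element("Assertion", ID="_forged")
    ET.SubElement(forged, "Subject").text = forged_subject
    root.insert(1, forged)  # index 0 is the Signature; forged now precedes the signed one
    return ET.tostring(root, encoding="utf-8")


def demo():
    """Run the whole exchange and report what each verifier accepts."""
    legit = build_signed_response("_a1", "alice")
    attacked = wrap_attack(legit, "admin")
    out = {
        "vulnerable_legit": vulnerable_subject(legit),
        "vulnerable_attacked": vulnerable_subject(attacked),
        "hardened_legit": hardened_subject(legit),
    }
    try:
        hardened_subject(attacked)
        out["hardened_attacked"] = "accepted"
    except ValueError:
        out["hardened_attacked"] = "rejected"
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The signature never fails in the attack: the IdP's assertion is still there and still valid. What changes is which element the application trusts, which is why the fix is to bind the identity lookup to the verified element (and to reject extra assertions) rather than to tighten the signature check itself.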

The good news is that there was no evidence of active exploitation at the time of reporting. The bad news is that attackers do tend to read patch notes too, usually with a cup of coffee and suspicious enthusiasm.
Organisations using these platforms should prioritise patching, restrict access to management interfaces (which also limits exposure while a patch window is being arranged) and monitor logs for suspicious authentication or administrative activity. Given that the Sentry authentication bypass allows administrative accounts to be created, any admin account that nobody on the team remembers creating should be treated as a sign of compromise rather than as noise.