Multiple Apache Tomcat Vulnerabilities in SAP Commerce Cloud
SAP Commerce Cloud and SAP Data Hub (Apache Tomcat)
Commerce Cloud continues its run of patch-heavy months. Bundle this with the hardcoded credential fix (Note 3753495) in a single maintenance window. If your commerce team has a standing maintenance window, July is a busy one.
Vulnerability Detail
Multiple Apache Tomcat vulnerabilities (CVE-2026-43512, CVE-2026-41293, CVE-2026-43515) in the embedded Tomcat server of SAP Commerce Cloud. The flaws include memory management issues and request handling defects in Tomcat that can be exploited to cause denial of service or, under specific conditions, trigger further compromise of the Commerce Cloud application server.
Patch Action
Apply SAP Note 3763800. Bundle with other open Commerce Cloud notes (3753495, related critical credential note) into a single rebuild and redeployment window.
Affected Versions
Patch Info