On March 14, SAP notified customers of a zero-day vulnerability in the SAPgui for Windows client that would allow attackers to execute commands remotely.