SAP Updates Two-Year-Old Patch for TREX Vulnerability Posted on April 13, 2017 by Simon Steed SAP has issued an updated patch for a code-injection vulnerability affecting the TREX search engine integrated into more than a dozen SAP products.