轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202603-00000008

[內容說明]
SAP針對旗下產品SAP NetWeaver Enterprise Portal Administration 發布重大資安漏洞公告(CVE-2026-27685，CVSS：9.1)，允許具有特權的攻擊者上傳不受信任或惡意內容時，經系統反序列化處理後，可能對主機系統的機密性、完整性和可用性造成影響。

[影響平台]
SAP NetWeaver Enterprise Portal Administration Version(s) - EP-RUNTIME 7.50

[建議措施]
根據官方網站釋出的解決方式進行修補： https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html

[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-10757-ddbaa-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Warning TWCERTCC-200-202603-00000008

[Content Description]
SAP has released a critical cybersecurity vulnerability announcement (CVE-2026-27685, CVSS: 9.1) for its product SAP NetWeaver Enterprise Portal Administration. This vulnerability allows privileged attackers to upload untrusted or malicious content, which, after system deserialization, could potentially impact the confidentiality, integrity, and availability of the host system.

[Affected Platform]
SAP NetWeaver Enterprise Portal Administration Version(s) - EP-RUNTIME 7.50

[Recommended Action]
Patch according to the solution released on the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html

[References]
1. https://www.twcert.org.tw/tw/cp-169-10757-ddbaa-1.html