Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC): Cybersecurity Alert TWCERTCC-200-202604-00000017
[Content Description]
SAP has published a security advisory for a critical vulnerability (CVE-2026-27681, CVSS: 9.9) in its SAP Business Planning and Consolidation and SAP Business Warehouse products. The vulnerability allows an authenticated attacker to read, modify, and delete database data through specially crafted SQL statements, affecting the confidentiality, integrity, and availability of the system.
[Affected Platforms]
HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816
[Recommended Actions]
Apply the fix according to the solution published on the vendor's official website:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
[References]
1. https://www.twcert.org.tw/tw/cp-169-10848-60abd-1.html