【資安漏洞預警】SAP針對旗下多款產品發布重大資安公告
[Security Vulnerability Alert] SAP Issues Major Cybersecurity Announcement for Multiple Products

發布單位:圖資處數位服務組
日期範圍:2026/5/15 ~ 2026/11/15
 
發布單位:圖資處數位服務組
日期範圍:2026/5/15 ~ 2026/11/15
行政 行政公告
全體

轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202605-00000005

[內容說明]
【CVE-2026-34260,CVSS:9.6】 SAP S/4HANA (SAP Enterprise Search for ABAP) 存在SQL注入漏洞,允許經過身分驗證的攻擊者,透過user-controlled注入惡意SQL語法,並在未經適當驗證或過濾的情況下傳至底層資料庫,導致攻擊者可能取得未經授權的敏感資料庫存取權限,影響應用程式的機密性與可用性。

【CVE-2026-34263,CVSS:9.6】 SAP Commerce cloud允許未經驗證的攻擊者執行惡意組態上傳與程式碼注入,導致任意伺服器端程式碼執行,可能影響應用程式的機密性、完整性與可用性。

[影響平台]
【CVE-2026-34260】 SAP S/4HANA (SAP Enterprise Search for ABAP) Version(s) - SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816

【CVE-2026-34263】 SAP Commerce cloud Version(s) - HY_COM 2205, COM_CLOUD 2211, 2211-JDK21

[建議措施]
根據官方網站釋出的解決方式進行修補: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000005

[Content Description]
【CVE-2026-34260, CVSS: 9.6】 SAP S/4HANA (SAP Enterprise Search for ABAP) has an SQL injection vulnerability. This vulnerability allows authenticated attackers to inject malicious SQL syntax through user-controlled injection, which can then be transmitted to the underlying database without proper authentication or filtering. This could grant attackers unauthorized access to sensitive databases, impacting application confidentiality and availability.

【CVE-2026-34263, CVSS: 9.6】 SAP Commerce cloud allows unauthenticated attackers to execute malicious configuration uploads and code injection, leading to arbitrary server-side code execution, potentially affecting application confidentiality, integrity, and availability.

[Affected Platforms]
【CVE-2026-34260】 SAP S/4HANA (SAP Enterprise Search for ABAP) Version(s) - SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816

【CVE-2026-34263】 SAP Commerce cloud Version(s) - HY_COM 2205, COM_CLOUD 2211, 2211-JDK21

[Recommended Actions]
Patch according to the solutions released on the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html


相關附件
system_update_alt官方網站
【返回上頁】
Top↑