彙總 SAP 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 SQL 注入、開放重定向與XXE 相關,可能在 伺服器部署與系統元件 場景中帶來 異常行為與資料外洩 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-27680 | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted. | [email protected] | 3.1 | 0.17% | 2026-05-14 | 2026-06-17 |
| CVE-2026-40135 | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality. | [email protected] | 6.5 | 1.40% | 2026-05-11 | 2026-06-17 |
| CVE-2026-27682 | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim�s browser context. This could allow the attacker to access and/or modify informatio | [email protected] | 4.7 | 0.22% | 2026-05-11 | 2026-06-17 |
| CVE-2026-34264 | During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected. | [email protected] | 6.5 | 0.27% | 2026-04-13 | 2026-06-17 |
| CVE-2026-34262 | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | [email protected] | 5.0 | 0.30% | 2026-04-13 | 2026-06-17 |
| CVE-2026-34257 | Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability. | [email protected] | 6.1 | 0.15% | 2026-04-13 | 2026-06-17 |
| CVE-2026-27679 | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted. | [email protected] | 6.5 | 0.18% | 2026-04-13 | 2026-06-17 |
| CVE-2026-27674 | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim�s browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the | [email protected] | 6.1 | 0.19% | 2026-04-13 | 2026-06-17 |
| CVE-2026-27688 | Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affec | [email protected] | 5.0 | 0.23% | 2026-03-10 | 2026-06-17 |
| CVE-2026-24316 | SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application. | [email protected] | 6.4 | 0.16% | 2026-03-10 | 2026-06-17 |
| CVE-2026-24310 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentiality with no effect on the integrity and availability. | [email protected] | 3.5 | 0.19% | 2026-03-10 | 2026-06-17 |
| CVE-2026-24309 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality. | [email protected] | 6.4 | 0.21% | 2026-03-10 | 2026-06-17 |
| CVE-2026-24314 | Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted. | [email protected] | 4.3 | 0.20% | 2026-02-24 | 2026-06-17 |
| CVE-2026-24328 | SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application. | [email protected] | 6.1 | 0.17% | 2026-02-09 | 2026-06-17 |
| CVE-2026-24327 | Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability. | [email protected] | 4.3 | 0.22% | 2026-02-09 | 2026-06-17 |
| CVE-2026-24326 | Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application. | [email protected] | 4.3 | 0.20% | 2026-02-09 | 2026-06-17 |
| CVE-2026-24325 | SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.This vulnerability has low impact on confidentiality and integrity of the data. There is no impact on the availability of the application. | [email protected] | 4.8 | 0.18% | 2026-02-09 | 2026-06-17 |
| CVE-2026-24324 | SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected. | [email protected] | 6.5 | 0.34% | 2026-02-09 | 2026-06-17 |
| CVE-2026-24323 | The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application. | [email protected] | 6.1 | 0.21% | 2026-02-09 | 2026-06-17 |
| CVE-2026-24322 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability. | [email protected] | 7.7 | 0.21% | 2026-02-09 | 2026-06-17 |