Apply the remediation according to the solution provided on the official website:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026031210032020 | Publication Time | 2026/03/12 10:33 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/03/12 10:33 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】SAP NetWeaver Enterprise Portal Administration contains a critical security vulnerability (CVE-2026-27685). |
|||
| [Content] Forwarded from TWCERTCC-200-202603-00000009 SAP has released a critical security advisory for its product SAP NetWeaver Enterprise Portal Administration (CVE-2026-27685, CVSS: 9.1). The vulnerability allows a privileged attacker to upload untrusted or malicious content, which may be deserialized by the system, potentially impacting the confidentiality, integrity, and availability of the host system. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] SAP NetWeaver Enterprise Portal Administration Version(s) - EP-RUNTIME 7.50 |
|||
| [Recommended Actions]
Apply the remediation according to the solution provided on the official website: |
|||
| [Reference] 1. https://www.twcert.org.tw/tw/cp-169-10757-ddbaa-1.html |
|||