Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026051404051010 | Publication Time | 2026-05-14 16:31:11 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026-05-14 16:31:11 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】SAP released critical information security advisories for multiple products under its brand. |
|||
| [Content]
Forwarded from TWCERTCC-200-202605-00000005 【CVE-2026-34260, CVSS: 9.6】 SAP S/4HANA (SAP Enterprise Search for ABAP) contains an SQL injection vulnerability, allowing an authenticated attacker to inject malicious SQL syntax through user-controlled input and transmit it to the underlying database without proper validation or filtering, which may result in the attacker obtaining unauthorized access privileges to sensitive databases and affect the confidentiality and availability of the application. 【CVE-2026-34263, CVSS: 9.6】 SAP Commerce cloud allows an unauthenticated attacker to execute malicious configuration uploads and code injection, resulting in arbitrary server-side code execution, which may affect the confidentiality, integrity, and availability of the application. Information Sharing Level: WHITE (The information content is information that may be publicly disclosed) |
|||
| [Affected Platform]
【CVE-2026-34260】 SAP S/4HANA (SAP Enterprise Search for ABAP) Version(s) - SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816 【CVE-2026-34263】 SAP Commerce cloud Version(s) - HY_COM 2205, COM_CLOUD 2211, 2211-JDK21 |
|||
| [Recommended Actions]
Perform patching according to the solution released on the official website: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html |
|||
|
[Reference] |
|||