【Vulnerability Alert】SAP Released Critical Security Advisories for Several of Its Products_1150612

Publish date: 2026-06-12
Update date: 2026-06-12

Source: Ministry of Education Information & Communication Security Contingency Platform

Publication Number: TACERT-ANA-2026061201061010
Publication Time: 2026-06-12 13:35:11
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026-06-12 13:35:11
Impact Level: Low
[Subject]
【Vulnerability Alert】SAP Released Critical Security Advisories for Several of Its Products
[Content]

Forwarded from TWCERTCC Security Advisory TWCERTCC-200-202606-00000009

【CVE-2026-40128, CVSS: 9.0】 SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to trigger path traversal through a specially crafted HTTP login request.

【CVE-2026-27671, CVSS: 9.8】 Due to insufficient validation of the RFC protocol used by SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker may exploit a logical error in memory through a specially crafted RFC request, thereby causing memory corruption.

【CVE-2026-44748, CVSS: 9.9】 SAP NetWeaver AS ABAP and ABAP Platform allow an authenticated attacker with regular privileges to obtain a validly signed message, tamper with the contents of the signed document, and then submit it to a verifier.

Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)

[Affected Platform]

SAP NetWeaver AS ABAP and ABAP Platform Version(s) - KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 722EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 91.9

SAP NetWeaver AS ABAP and ABAP Platform Version(s) - SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 918, SAP_BASIS 919

SAP NetWeaver Application Server Java (Web Container) Version(s) - ENGINEAPI 7.50

[Recommended Actions]

Apply patches according to the solution released on the official website:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2026.html

[Reference]

https://www.twcert.org.tw/tw/cp-169-10963-9280d-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center