【Vulnerability Alert】Critical Security Vulnerability Identified in SAP Business Planning and Consolidation and Enterprise Data Warehouse Systems (CVE-2026-27681)
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026041709040000 | Publication Time | 2026/04/17 09:39 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/04/17 09:39 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Critical Security Vulnerability Identified in SAP Business Planning and Consolidation and Enterprise Data Warehouse Systems (CVE-2026-27681) |
|||
| [Content] Forwarded from TWCERTCC-200-202604-00000017 SAP has issued a critical security vulnerability advisory for its Business Planning and Consolidation system (SAP Business Planning and Consolidation) and Enterprise Data Warehouse system (SAP Business Warehouse) (CVE-2026-27681, CVSS: 9.9). This vulnerability allows an authenticated attacker to read, modify, and delete database data through specially crafted SQL statements, thereby affecting the confidentiality, integrity, and availability of the system. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform]
HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816 |
|||
| [Recommended Actions]
Please apply the remediation in accordance with the solution provided on the official website. |
|||
| [Reference] [參考資料:] 1. https://www.twcert.org.tw/tw/cp-169-10848-60abd-1.html |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw