Vulnerability-Lookup

CVE-2026-34260 (GCVE-0-2026-34260)

Vulnerability from cvelistv5 – Published: 2026-05-12 02:20 – Updated: 2026-05-12 13:08

Title

SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)

Summary

SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command

Assigner

sap

References

2 references

URL	Tags
https://me.sap.com/notes/3724838
https://url.sap/sapsecuritypatchday

Impacted products

1 product

Vendor	Product	Version
SAP_SE	SAP S/4HANA (SAP Enterprise Search for ABAP)	Affected: SAP_BASIS 751 Affected: SAP_BASIS 752 Affected: SAP_BASIS 753 Affected: SAP_BASIS 754 Affected: SAP_BASIS 755 Affected: SAP_BASIS 756 Affected: SAP_BASIS 757 Affected: SAP_BASIS 758 Affected: SAP_BASIS 816

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T13:08:10.462092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T13:08:19.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP S/4HANA (SAP Enterprise Search for ABAP)",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "SAP_BASIS 751"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 752"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 753"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 754"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 755"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 756"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 757"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 758"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 816"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.\u003c/p\u003e"
            }
          ],
          "value": "SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T02:20:21.855Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3724838"
        },
        {
          "url": "https://url.sap/sapsecuritypatchday"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2026-34260",
    "datePublished": "2026-05-12T02:20:21.855Z",
    "dateReserved": "2026-03-26T19:02:45.982Z",
    "dateUpdated": "2026-05-12T13:08:19.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-34260",
      "date": "2026-05-13",
      "epss": "0.00013",
      "percentile": "0.02361"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-34260\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2026-05-12T03:16:11.517\",\"lastModified\":\"2026-05-12T14:19:41.400\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3724838\",\"source\":\"cna@sap.com\"},{\"url\":\"https://url.sap/sapsecuritypatchday\",\"source\":\"cna@sap.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-34260\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-12T13:08:10.462092Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-12T13:08:16.396Z\"}}], \"cna\": {\"title\": \"SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP S/4HANA (SAP Enterprise Search for ABAP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"SAP_BASIS 751\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 752\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 753\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 754\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 755\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 756\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 757\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 758\"}, {\"status\": \"affected\", \"version\": \"SAP_BASIS 816\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3724838\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2026-05-12T02:20:21.855Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-34260\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T13:08:19.771Z\", \"dateReserved\": \"2026-03-26T19:02:45.982Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2026-05-12T02:20:21.855Z\", \"assignerShortName\": \"sap\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

NCSC-2026-0140

Vulnerability from csaf_ncscnl - Published: 2026-05-12 12:21 - Updated: 2026-05-12 12:21

Summary

Kwetsbaarheden verholpen in diverse SAP-producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: SAP heeft kwetsbaarheden verholpen in SAP S/4HANA, SAP Commerce Cloud, SAP Forecasting & Replenishment, SAP NetWeaver Application Server voor ABAP, SAP Business Server Pages, SAP BusinessObjects Business Intelligence Platform, SAP Strategic Enterprise Management Scorecard Wizard, SAPUI5 Search UI, SAP Financial Consolidation, SAP Incentive and Commission Management, SAP Application Server ABAP voor SAP NetWeaver en ABAP Platform, en SAP HANA Deployment Infrastructure.

Interpretaties: De kwetsbaarheden betreffen verschillende typen beveiligingsproblemen binnen de genoemde SAP-producten. - In SAP S/4HANA's Enterprise Search for ABAP module kunnen geauthenticeerde aanvallers SQL-injecties uitvoeren, wat kan leiden tot ongeautoriseerde toegang tot gevoelige data en applicatiecrashes. - SAP Commerce Cloud bevat een configuratiefout in Spring Security waardoor ongeauthenticeerde gebruikers kwaadaardige configuraties kunnen uploaden en daarmee willekeurige server-side code kunnen uitvoeren. - In SAP Forecasting & Replenishment en SAP NetWeaver Application Server voor ABAP kunnen geauthenticeerde gebruikers met administratieve rechten OS-commando's uitvoeren, wat kan resulteren in systeemcompromittering of verstoring van de applicatie. - SAP S/4HANA Condition Maintenance heeft een ontbrekende autorisatiecontrole waardoor geauthenticeerde gebruikers records kunnen bekijken en wijzigen zonder de juiste permissies. - SAP Business Server Pages Application component TAF_APPLAUNCHER en SAP NetWeaver Application Server ABAP bevatten Cross-Site Scripting (XSS) kwetsbaarheden die het mogelijk maken om gebruikers te misleiden via kwaadaardige links. - SAP BusinessObjects Business Intelligence Platform heeft een Cross Site Request Forgery (CSRF) kwetsbaarheid die geauthenticeerde gebruikers kan misleiden tot het uitvoeren van ongewenste acties. - SAP Strategic Enterprise Management Scorecard Wizard kent een autorisatiefout waardoor geauthenticeerde gebruikers toegang krijgen tot niet-toegestane informatie en instellingen kunnen wijzigen. - SAPUI5 Search UI is kwetsbaar voor URL-parameter manipulatie die kan leiden tot het injecteren van kwaadaardige content en gebruikers kan omleiden naar aanvallersites. - SAP Financial Consolidation bevat een kwetsbaarheid waarmee geauthenticeerde gebruikers sessies van andere gebruikers kunnen beëindigen, wat de beschikbaarheid beïnvloedt. - SAP Incentive and Commission Management heeft onvoldoende autorisatiecontrole waardoor geauthenticeerde gebruikers database tabellen kunnen aanpassen. - SAP Application Server ABAP voor SAP NetWeaver en ABAP Platform bevat een code-injectie kwetsbaarheid die geauthenticeerde gebruikers kunnen misbruiken om willekeurige code uit te voeren. - SAP HANA Deployment Infrastructure bevat een SQL-injectie kwetsbaarheid in de @sap/hdi-deploy package, waarbij gebruikers met hoge privileges dynamische SQL-query's kunnen manipuleren, wat de vertrouwelijkheid en beschikbaarheid kan beïnvloeden. Daarnaast is er een gerelateerde kwetsbaarheid in Apache Log4j Core (versies 2.0-beta9 tot 2.25.2) met ontbrekende TLS hostname verificatie, die man-in-the-middle aanvallen mogelijk maakt en ook diverse SAP-producten en andere software beïnvloedt.

Oplossingen: SAP heeft updates uitgebracht om de kwetsbaarheden in de genoemde producten te verhelpen. Daarnaast zijn er updates voor Apache Log4j beschikbaar (versies 2.18.0, 2.19.0 en 2.20.0) die de ontbrekende TLS hostname verificatie en andere problemen adresseren. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-459: Incomplete Cleanup

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-295: Improper Certificate Validation

CWE-297: Improper Validation of Certificate with Host Mismatch

CWE-352: Cross-Site Request Forgery (CSRF)

CWE-404: Improper Resource Shutdown or Release

CWE-451: User Interface (UI) Misrepresentation of Critical Information

CWE-862: Missing Authorization

CWE-937: OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

CWE-1035: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CVE-2026-34260

SAP S/4HANA's SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows authenticated attackers to execute malicious SQL, risking unauthorized data access and application crashes.

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-34263

SAP Commerce Cloud suffers from a missing authentication check due to improper Spring Security configuration, enabling unauthenticated users to upload malicious configurations and execute arbitrary server-side code, impacting confidentiality, integrity, and availability.

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-459 - Incomplete Cleanup

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-34259

An OS Command Execution vulnerability in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands, risking full system compromise including data breach, modification, or shutdown.

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40135

An OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP enables an authenticated administrator to execute hidden operating system commands, compromising application integrity and availability without impacting confidentiality.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40133

A missing authorization check in SAP S/4HANA Condition Maintenance permits authenticated attackers to view and modify condition table records without permission, affecting data confidentiality, integrity, and availability at a low severity level.

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-862 - Missing Authorization

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40137

A Cross-Site Scripting (XSS) vulnerability in the SAP Business Server Pages Application (TAF_APPLAUNCHER) allows unauthenticated attackers to craft malicious links that redirect users to attacker-controlled sites, impacting confidentiality and integrity.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-0502

A Cross Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform allows an authenticated user to be tricked into sending unintended requests, affecting system integrity and availability without compromising data confidentiality.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE-352 - Cross-Site Request Forgery (CSRF)

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40132

An authorization flaw in SAP Strategic Enterprise Management's Scorecard Wizard permits authenticated users to access unauthorized data and modify settings, affecting risk evaluations with limited impact on confidentiality and integrity.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-862 - Missing Authorization

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2025-68161

Multiple Apache Log4j Core versions up to 2.25.2 have a vulnerability in the Socket Appender due to missing TLS hostname verification, enabling man-in-the-middle attacks, affecting products from Oracle, IBM, NetApp, and SAP.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-297 - Improper Validation of Certificate with Host Mismatch

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-34258

SAPUI5's Search UI contains a vulnerability allowing unauthenticated attackers to manipulate URL parameters for malicious content injection, potentially redirecting users to attacker-controlled sites, with limited confidentiality impact and no integrity or availability effects.

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-27682

A reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP affects Business Server Pages, allowing unauthenticated attackers to execute malicious scripts via crafted URLs, compromising application confidentiality and integrity.

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40136

SAP Financial Consolidation contains a vulnerability that permits an authenticated attacker to disrupt availability by terminating other users' sessions without impacting data confidentiality or integrity.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40134

The SAP Incentive and Commission Management application contains a vulnerability due to insufficient authorization checks, enabling authenticated users to remotely update tables, resulting in a low integrity risk without impacting confidentiality or availability.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-862 - Missing Authorization

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40129

A Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code via crafted inputs, affecting system integrity without impacting confidentiality or availability.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

CVE-2026-40131

A SQL Injection vulnerability in SAP HANA Deployment Infrastructure's @sap/hdi-deploy package allows high privileged users to manipulate SELECT statements via dynamic SQL without proper parameterization, impacting confidentiality and availability.

3.4 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Known affected 19 products

Product	Identifier	Version	Remediation
vers:unknown/* SAP / Application Server ABAP for NetWeaver and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / Business Server Pages Application		vers:unknown/*
vers:unknown/* SAP / BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / Commerce Cloud Configuration		vers:unknown/*
vers:unknown/* SAP / Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / Forecasting & Replenishment		vers:unknown/*
vers:unknown/* SAP / HANA Deployment Infrastructure deploy library		vers:unknown/*
vers:unknown/* SAP / Incentive and Commission Management		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server ABAP		vers:unknown/*
vers:unknown/* SAP / NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / S4HANA		vers:unknown/*
vers:unknown/* SAP / S4HANA Condition Maintenance		vers:unknown/*
vers:unknown/* SAP / SAP BusinessObjects Business Intelligence Platform		vers:unknown/*
vers:unknown/* SAP / SAP Financial Consolidation		vers:unknown/*
vers:unknown/* SAP / SAP NetWeaver Application Server for ABAP and ABAP Platform		vers:unknown/*
vers:unknown/* SAP / SAP Software		vers:unknown/*
vers:unknown/* SAP / Strategic Enterprise Management		vers:unknown/*
vers:unknown/* SAP / UI5		vers:unknown/*
vers:unknown/* SAP / netweaver_application_server_abap		vers:unknown/*

References

16 references

URL	Category
https://support.sap.com/en/my-support/knowledge-b…	external
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "SAP heeft kwetsbaarheden verholpen in SAP S/4HANA, SAP Commerce Cloud, SAP Forecasting \u0026 Replenishment, SAP NetWeaver Application Server voor ABAP, SAP Business Server Pages, SAP BusinessObjects Business Intelligence Platform, SAP Strategic Enterprise Management Scorecard Wizard, SAPUI5 Search UI, SAP Financial Consolidation, SAP Incentive and Commission Management, SAP Application Server ABAP voor SAP NetWeaver en ABAP Platform, en SAP HANA Deployment Infrastructure.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden betreffen verschillende typen beveiligingsproblemen binnen de genoemde SAP-producten.\n\n- In SAP S/4HANA\u0027s Enterprise Search for ABAP module kunnen geauthenticeerde aanvallers SQL-injecties uitvoeren, wat kan leiden tot ongeautoriseerde toegang tot gevoelige data en applicatiecrashes.\n- SAP Commerce Cloud bevat een configuratiefout in Spring Security waardoor ongeauthenticeerde gebruikers kwaadaardige configuraties kunnen uploaden en daarmee willekeurige server-side code kunnen uitvoeren.\n- In SAP Forecasting \u0026 Replenishment en SAP NetWeaver Application Server voor ABAP kunnen geauthenticeerde gebruikers met administratieve rechten OS-commando\u0027s uitvoeren, wat kan resulteren in systeemcompromittering of verstoring van de applicatie.\n- SAP S/4HANA Condition Maintenance heeft een ontbrekende autorisatiecontrole waardoor geauthenticeerde gebruikers records kunnen bekijken en wijzigen zonder de juiste permissies.\n- SAP Business Server Pages Application component TAF_APPLAUNCHER en SAP NetWeaver Application Server ABAP bevatten Cross-Site Scripting (XSS) kwetsbaarheden die het mogelijk maken om gebruikers te misleiden via kwaadaardige links.\n- SAP BusinessObjects Business Intelligence Platform heeft een Cross Site Request Forgery (CSRF) kwetsbaarheid die geauthenticeerde gebruikers kan misleiden tot het uitvoeren van ongewenste acties.\n- SAP Strategic Enterprise Management Scorecard Wizard kent een autorisatiefout waardoor geauthenticeerde gebruikers toegang krijgen tot niet-toegestane informatie en instellingen kunnen wijzigen.\n- SAPUI5 Search UI is kwetsbaar voor URL-parameter manipulatie die kan leiden tot het injecteren van kwaadaardige content en gebruikers kan omleiden naar aanvallersites.\n- SAP Financial Consolidation bevat een kwetsbaarheid waarmee geauthenticeerde gebruikers sessies van andere gebruikers kunnen be\u00ebindigen, wat de beschikbaarheid be\u00efnvloedt.\n- SAP Incentive and Commission Management heeft onvoldoende autorisatiecontrole waardoor geauthenticeerde gebruikers database tabellen kunnen aanpassen.\n- SAP Application Server ABAP voor SAP NetWeaver en ABAP Platform bevat een code-injectie kwetsbaarheid die geauthenticeerde gebruikers kunnen misbruiken om willekeurige code uit te voeren.\n- SAP HANA Deployment Infrastructure bevat een SQL-injectie kwetsbaarheid in de @sap/hdi-deploy package, waarbij gebruikers met hoge privileges dynamische SQL-query\u0027s kunnen manipuleren, wat de vertrouwelijkheid en beschikbaarheid kan be\u00efnvloeden.\n\nDaarnaast is er een gerelateerde kwetsbaarheid in Apache Log4j Core (versies 2.0-beta9 tot 2.25.2) met ontbrekende TLS hostname verificatie, die man-in-the-middle aanvallen mogelijk maakt en ook diverse SAP-producten en andere software be\u00efnvloedt.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "SAP heeft updates uitgebracht om de kwetsbaarheden in de genoemde producten te verhelpen. Daarnaast zijn er updates voor Apache Log4j beschikbaar (versies 2.18.0, 2.19.0 en 2.20.0) die de ontbrekende TLS hostname verificatie en andere problemen adresseren. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
        "title": "CWE-89"
      },
      {
        "category": "general",
        "text": "Incomplete Cleanup",
        "title": "CWE-459"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Improper Validation of Certificate with Host Mismatch",
        "title": "CWE-297"
      },
      {
        "category": "general",
        "text": "Cross-Site Request Forgery (CSRF)",
        "title": "CWE-352"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "User Interface (UI) Misrepresentation of Critical Information",
        "title": "CWE-451"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      },
      {
        "category": "general",
        "text": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
        "title": "CWE-1035"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in diverse SAP-producten",
    "tracking": {
      "current_release_date": "2026-05-12T12:21:42.857141Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0140",
      "initial_release_date": "2026-05-12T12:21:42.857141Z",
      "revision_history": [
        {
          "date": "2026-05-12T12:21:42.857141Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Application Server ABAP for NetWeaver and ABAP Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Business Server Pages Application"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "BusinessObjects Business Intelligence Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce Cloud Configuration"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Financial Consolidation"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Forecasting \u0026 Replenishment"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "HANA Deployment Infrastructure deploy library"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Incentive and Commission Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "NetWeaver Application Server ABAP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "NetWeaver Application Server for ABAP and ABAP Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "S4HANA"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "S4HANA Condition Maintenance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "SAP BusinessObjects Business Intelligence Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "SAP Financial Consolidation"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "SAP NetWeaver Application Server for ABAP and ABAP Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "SAP Software"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Strategic Enterprise Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "UI5"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "netweaver_application_server_abap"
          }
        ],
        "category": "vendor",
        "name": "SAP"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-34260",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "title": "CWE-89"
        },
        {
          "category": "description",
          "text": "SAP S/4HANA\u0027s SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows authenticated attackers to execute malicious SQL, risking unauthorized data access and application crashes.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34260 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34260.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-34260"
    },
    {
      "cve": "CVE-2026-34263",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incomplete Cleanup",
          "title": "CWE-459"
        },
        {
          "category": "description",
          "text": "SAP Commerce Cloud suffers from a missing authentication check due to improper Spring Security configuration, enabling unauthenticated users to upload malicious configurations and execute arbitrary server-side code, impacting confidentiality, integrity, and availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34263 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34263.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-34263"
    },
    {
      "cve": "CVE-2026-34259",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "An OS Command Execution vulnerability in SAP Forecasting \u0026 Replenishment allows authenticated administrators to execute arbitrary system commands, risking full system compromise including data breach, modification, or shutdown.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34259 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34259.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-34259"
    },
    {
      "cve": "CVE-2026-40135",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "An OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP enables an authenticated administrator to execute hidden operating system commands, compromising application integrity and availability without impacting confidentiality.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40135 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40135.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40135"
    },
    {
      "cve": "CVE-2026-40133",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "A missing authorization check in SAP S/4HANA Condition Maintenance permits authenticated attackers to view and modify condition table records without permission, affecting data confidentiality, integrity, and availability at a low severity level.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40133 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40133"
    },
    {
      "cve": "CVE-2026-40137",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "A Cross-Site Scripting (XSS) vulnerability in the SAP Business Server Pages Application (TAF_APPLAUNCHER) allows unauthenticated attackers to craft malicious links that redirect users to attacker-controlled sites, impacting confidentiality and integrity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40137 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40137.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40137"
    },
    {
      "cve": "CVE-2026-0502",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Cross-Site Request Forgery (CSRF)",
          "title": "CWE-352"
        },
        {
          "category": "description",
          "text": "A Cross Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform allows an authenticated user to be tricked into sending unintended requests, affecting system integrity and availability without compromising data confidentiality.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0502 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0502.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-0502"
    },
    {
      "cve": "CVE-2026-40132",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "An authorization flaw in SAP Strategic Enterprise Management\u0027s Scorecard Wizard permits authenticated users to access unauthorized data and modify settings, affecting risk evaluations with limited impact on confidentiality and integrity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40132 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40132.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40132"
    },
    {
      "cve": "CVE-2025-68161",
      "cwe": {
        "id": "CWE-297",
        "name": "Improper Validation of Certificate with Host Mismatch"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Certificate with Host Mismatch",
          "title": "CWE-297"
        },
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "description",
          "text": "Multiple Apache Log4j Core versions up to 2.25.2 have a vulnerability in the Socket Appender due to missing TLS hostname verification, enabling man-in-the-middle attacks, affecting products from Oracle, IBM, NetApp, and SAP.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-68161 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2025-68161"
    },
    {
      "cve": "CVE-2026-34258",
      "cwe": {
        "id": "CWE-451",
        "name": "User Interface (UI) Misrepresentation of Critical Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "User Interface (UI) Misrepresentation of Critical Information",
          "title": "CWE-451"
        },
        {
          "category": "description",
          "text": "SAPUI5\u0027s Search UI contains a vulnerability allowing unauthenticated attackers to manipulate URL parameters for malicious content injection, potentially redirecting users to attacker-controlled sites, with limited confidentiality impact and no integrity or availability effects.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34258 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34258.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-34258"
    },
    {
      "cve": "CVE-2026-27682",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "A reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP affects Business Server Pages, allowing unauthenticated attackers to execute malicious scripts via crafted URLs, compromising application confidentiality and integrity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-27682 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27682.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-27682"
    },
    {
      "cve": "CVE-2026-40136",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "description",
          "text": "SAP Financial Consolidation contains a vulnerability that permits an authenticated attacker to disrupt availability by terminating other users\u0027 sessions without impacting data confidentiality or integrity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40136 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40136.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40136"
    },
    {
      "cve": "CVE-2026-40134",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "The SAP Incentive and Commission Management application contains a vulnerability due to insufficient authorization checks, enabling authenticated users to remotely update tables, resulting in a low integrity risk without impacting confidentiality or availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40134 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40134.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40134"
    },
    {
      "cve": "CVE-2026-40129",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "description",
          "text": "A Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code via crafted inputs, affecting system integrity without impacting confidentiality or availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40129 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40129.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40129"
    },
    {
      "cve": "CVE-2026-40131",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "title": "CWE-89"
        },
        {
          "category": "description",
          "text": "A SQL Injection vulnerability in SAP HANA Deployment Infrastructure\u0027s @sap/hdi-deploy package allows high privileged users to manipulate SELECT statements via dynamic SQL without proper parameterization, impacting confidentiality and availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-40131 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40131.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19"
          ]
        }
      ],
      "title": "CVE-2026-40131"
    }
  ]
}

GHSA-MR52-49CX-QRR8

Vulnerability from github – Published: 2026-05-12 03:31 – Updated: 2026-05-12 03:31

Details

Severity ?

9.6 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-34260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T03:16:11Z",
    "severity": "CRITICAL"
  },
  "details": "SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.",
  "id": "GHSA-mr52-49cx-qrr8",
  "modified": "2026-05-12T03:31:27Z",
  "published": "2026-05-12T03:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34260"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3724838"
    },
    {
      "type": "WEB",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2026-34260

Vulnerability from fkie_nvd - Published: 2026-05-12 03:16 - Updated: 2026-05-12 14:19

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

Summary

References

	URL	Tags
	cna@sap.com	https://me.sap.com/notes/3724838
	cna@sap.com	https://url.sap/sapsecuritypatchday

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected."
    }
  ],
  "id": "CVE-2026-34260",
  "lastModified": "2026-05-12T14:19:41.400",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 5.8,
        "source": "cna@sap.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-05-12T03:16:11.517",
  "references": [
    {
      "source": "cna@sap.com",
      "url": "https://me.sap.com/notes/3724838"
    },
    {
      "source": "cna@sap.com",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}

CERTFR-2026-AVI-0567

Vulnerability from certfr_avis - Published: 2026-05-12 - Updated: 2026-05-12

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SAP	N/A	S/4HANA (Enterprise Search for ABAP) versions SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	N/A	HANA Deployment Infrastructure (HDI) deploy library version XS_HDI_DEPLOYER 1.00 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver Application Server ABAP (Applications based on Business Server Pages) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816 et SAP_BASIS 918 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver Application Server for ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	N/A	Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) versions SEM-BW 605, 700, 736, 746, 747, 748, 749 et 800 sans le dernier correctif de sécurité
SAP	N/A	Commerce cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de sécurité
SAP	N/A	Business Server Pages Application (TAF_APPLAUNCHER) versions ST-PI 740 et 758 sans le dernier correctif de sécurité
SAP	N/A	Forecasting & Replenishment versions SCM 702, 712, 713 et 714 sans le dernier correctif de sécurité
SAP	N/A	Incentive and Commission Management versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 604, 605, 606 et 617 sans le dernier correctif de sécurité
SAP	N/A	S/4HANA Condition Maintenance versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité
SAP	N/A	BusinessObjects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité
SAP	N/A	Application Server ABAP for NetWeaver and ABAP Platform versions SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	N/A	Financial Consolidation version FINANCE 1010 sans le dernier correctif de sécurité
SAP	N/A	Commerce Cloud (Apache Log4j) versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de sécurité
SAP	N/A	SAPUI5 (Search UI) versions SAPUI5 1.108, 1.120, 1.136, 1.142, 1.71, 1.84 et 1.96 sans le dernier correctif de sécurité

References

Title

Publication Time

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-34260 (GCVE-0-2026-34260)

NCSC-2026-0140

GHSA-MR52-49CX-QRR8

FKIE_CVE-2026-34260

CERTFR-2026-AVI-0567

Solutions

Tags

Sightings

Nomenclature