【Vulnerability Alert】SAP Releases Critical Security Advisories for Multiple Products
Description:
Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202605-00000005
【CVE-2026-34260, CVSS: 9.6】 An SQL Injection vulnerability exists in SAP S/4HANA (SAP Enterprise Search for ABAP). Authenticated attackers can inject malicious SQL syntax through user-controlled inputs, which are passed to the underlying database without proper validation or filtering. This can lead to unauthorized access to sensitive database information and affect the confidentiality and availability of the application.
【CVE-2026-34263, CVSS: 9.6】 SAP Commerce Cloud allows unauthenticated attackers to perform malicious configuration uploads and code injection, leading to arbitrary server-side code execution. This may impact the confidentiality, integrity, and availability of the application.