CVE-2026-34264

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information...

CVE-2026-27679

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-27673

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-40133

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

CVE-2026-40131

The CVE-2026-40131 entry concerns the SAP HDI deploy library (@sap/hdi-deploy). Affected component: SQL queries are dynamically constructed from user input without proper parameterization/prepared statements (root cause: lack of parameterization). Impact: confidentiality and availability of the a...

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

SAP HANA Deployment Infrastructure deploy library SQL注入漏洞

SAP HANA Deployment Infrastructure deploy library is a deployment support library developed by SAP, a German company, for the deployment and lifecycle management of SAP HANA applications. The SAP HANA Deployment Infrastructure deploy library contains a SQL injection vulnerability. This...

📄 SAP HANA Cockpit / Database Explorer Private Key Disclosure

SAP HANA Cockpit and SAP HANA Database Explorer expose the private key of their X.509 certificate. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Private Key of X.509 Certificate product: SAP HANA...

CVE-2026-34262

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

SUSE SLES16 Security Update : google-cloud-sap-agent (SUSE-SU-2026:21210-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:21210-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186:...

SUSE-SU-2026:21210-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changes for google-cloud-sap-agent: Collect...

CVE-2026-34262

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVE-2026-34264 Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information...

CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVE-2026-34262

CVE-2026-34262 concerns an information disclosure in SAP HANA Cockpit and SAP HANA Database Explorer. Connected sources indicate the issue allows leakage of X.509 private keys via Database Explorer access, enabling potential server impersonation. The PT-2026-32569 note emphasizes that patching al...

CVE-2026-34262

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...

EUVD-2026-22166

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...