CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

PT-2026-39926

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

CVE-2026-34256

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

CVE-2026-27677 Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

CVE-2026-27673

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

SAP S/4HANA OData Service 安全漏洞

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Structures, which stems from the lack of authorization checks. This...

CVE-2026-27687

CVE-2026-27687: A missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal allows a user with high privileges to access another company’s sensitive data. Root cause: lack of authorization validation. Impact: High confidentiality impact; no reported integrity or availabilit...

CVE-2026-24314

Under certain conditions SAP S/4HANA Manage Payment Media allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted...

CVE-2026-24314

Under certain conditions SAP S/4HANA Manage Payment Media allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted...

CVE-2026-24314

Under certain conditions SAP S/4HANA Manage Payment Media allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted...

PT-2026-21664

Under certain conditions SAP S/4HANA Manage Payment Media allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted...

CVE-2026-24326 Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on...

CVE-2026-0498

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVE-2026-0498

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP NetWeaver, SAP Business Connector, SAP HANA, and SAP S/4HANA. The vulnerabilities include deserialization, code injection, insufficient validation, and information disclosure. These vulnerabilities can be exploited by attackers to...

EUVD-2025-34118

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker can delete shared rule conditions that should...

EUVD-2021-20378

Malware in sbrugna...

EUVD-2020-27334

Malware in sbrugna...