
[CIAD-2026-0006] Multiple Vulnerabilities in SAP Products
Multiple Vulnerabilities in SAP Products
Indian - Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
SAP CRM and SAP S/4HANA (Scripting Editor)
SAP NetWeaver Application Server ABAP and ABAP Platform
SAP Supply Chain Management
SAP Solution Tools Plug-In (ST-PI)
SAP Commerce Cloud
SAP BusinessObjects Business Intelligence Platform
SAP NetWeaver Application Server ABAP and SAP S/4HANA
SAP Document Management System
Business Server Pages Application (TAF_APPLAUNCHER)
SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
SAP Business One (B1 Client Memory Dump Files)
SAP Business Workflow
ABAP-based SAP systems
SAP BusinessObjects Enterprise (Central Management Console)
SAP NetWeaver (JMS service)
SAP Fiori App (Manage Service Entry Sheets - Lean Services)
SAP Support Tools Plug-In
SAP S/4HANA Defense & Security (Disconnected Operations)
SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)
SAP NetWeaver Application Server Java
Overview
Multiple vulnerabilities have been reported in SAP products which could allow an attacker to perform code injection, SQL injection, cross-site scripting (XSS) attacks, escalate privileges, execute arbitrary commands, bypass authorization checks, conduct open redirect attacks, exploit race conditions, disclose sensitive information, perform CRLF injection, cause memory corruption, and launch denial of service (DoS) attacks on the targeted system.
Target Audience:
SAP system administrators, SAP security teams, IT infrastructure teams managing SAP landscape, and application developers using affected SAP products and components.
Risk Assessment:
High risk of unauthorized access, data compromise, and potential remote code execution.
Impact Assessment:
Potential remote code execution, data compromise, and system takeover.
Description
Multiple vulnerabilities have been reported in SAP products.
Solution
Apply appropriate fixes as mentioned in SAP Security Advisory:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2026.html
Vendor Information
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2026.html
References
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2026.html
CVE Name
CVE-2026-0488
CVE-2026-0509
CVE-2026-23687
CVE-2026-23689
CVE-2026-24322
CVE-2026-0490
CVE-2026-0485
CVE-2025-12383
CVE-2026-0508
CVE-2026-0484
CVE-2026-24324
CVE-2026-0505
CVE-2026-24323
CVE-2026-24328
CVE-2025-0059
CVE-2026-23684
CVE-2026-24319
CVE-2026-24321
CVE-2026-24312
CVE-2026-0486
CVE-2026-24325
CVE-2026-23685
CVE-2026-23688
CVE-2026-23681
CVE-2026-24326
CVE-2026-24327
CVE-2026-23686
CVE-2026-24320
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


