
[CIAD-2026-0016] Multiple Vulnerabilities in SAP Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: Critical
Software Affected
SAP S/4HANA (On-Premise and Private Cloud)
Material Master Application
SAP S4CORE (Manage Journal Entries)
SAP S/4HANA OData Service
SAP ERP
SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW)
SAP BusinessObjects Business Intelligence Platform
SAP Human Capital Management (SAP S/4HANA)
SAP Business Analytics and SAP Content Management
SAP Supplier Relationship Management (SRM Server)
SAP HANA Platform components (HANA Cockpit and HANA Database Explorer)
SAP NetWeaver Application Server (ABAP and Java) including Web Dynpro
SAP Landscape Transformation
Overview
Multiple vulnerabilities have been reported in SAP products that could allow an attacker to perform SQL injection, code injection, cross-site scripting (XSS) and open redirect attacks, disclose information, bypass authorization checks, execute arbitrary commands, or cause denial of service (DoS) conditions on the targeted system.
Target Audience:
SAP administrators, SAP security and IT infrastructure teams, and application developers managing or supporting affected SAP systems.
Risk Assessment:
High risk of unauthorized access, data manipulation, service disruption, and redirection of users to malicious resources.
Impact Assessment:
Potential remote code execution, data compromise, and system takeover.
Description
Multiple vulnerabilities have been reported in SAP products.
Solution
Apply appropriate fixes as mentioned in SAP Security Advisory:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
Vendor Information
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
References
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
CVE Name
CVE-2026-27681
CVE-2026-34256
CVE-2025-64775
CVE-2026-34264
CVE-2026-34261
CVE-2026-27677
CVE-2026-27678
CVE-2026-27679
CVE-2026-0512
CVE-2026-27674
CVE-2026-34257
CVE-2026-34262
CVE-2026-27673
CVE-2026-27672
CVE-2026-27676
CVE-2025-42899
CVE-2026-24318
CVE-2026-27683
CVE-2026-27680
CVE-2026-27675
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


