
[CIAD-2026-0023] Multiple Vulnerabilities in SAP Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: Critical
Software Affected
SAP S/4HANA (SAP Enterprise Search for ABAP)
SAP Commerce Cloud
SAP Forecasting & Replenishment
SAP NetWeaver Application Server for ABAP and ABAP Platform
SAP S/4HANA Condition Maintenance
Business Server Pages Application (TAF_APPLAUNCHER)
SAP Business Objects Business Intelligence Platform
SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
SAPUI5 (Search UI)
SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)
SAP Financial Consolidation
SAP Incentive and Commission Management
SAP Application Server ABAP for SAP NetWeaver and ABAP Platform
SAP HANA Deployment Infrastructure (HDI) deploy library
Overview
Multiple vulnerabilities have been reported in SAP products which could allow an attacker to execute arbitrary commands, perform SQL injection, bypass authentication and authorization checks, conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks, inject malicious code, spoof content, and cause denial of service (DoS) conditions on the targeted system.
Target Audience:
SAP system administrators, SAP security teams, IT infrastructure teams managing SAP landscape, and application developers using affected SAP products and components.
Risk Assessment:
High risk of unauthorized access, data compromise, and potential remote code execution.
Impact Assessment:
Potential remote code execution, data compromise, and system takeover.
Description
Multiple vulnerabilities have been reported in SAP products.
Solution
Apply appropriate fixes as mentioned in SAP Security Advisory:
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html
Vendor Information
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html
References
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html
CVE Name
CVE-2026-34260
CVE-2026-34263
CVE-2026-34259
CVE-2026-40135
CVE-2026-40133
CVE-2026-40137
CVE-2026-0502
CVE-2026-40132
CVE-2025-68161
CVE-2026-34258
CVE-2026-27682
CVE-2026-40136
CVE-2026-40134
CVE-2026-40129
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


