cvelistv5 - cve-2026-0503

CVE-2026-0503 (GCVE-0-2026-0503)

Vulnerability from cvelistv5

Published

2026-01-13 01:14

Modified

2026-01-13 19:09

Severity ?

6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-862 - Missing Authorization

Summary

Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.

References

URL

Tags

	https://me.sap.com/notes/3681523
	https://url.sap/sapsecuritypatchday

Impacted products

	Vendor	Product	Version
	SAP_SE	SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)	Version: SAP_APPL 618 Version: S4CORE 102 Version: 103 Version: 104 Version: 105 Version: 106 Version: 107 Version: 108 Version: 109 Version: EA-APPL 605 Version: 606 Version: 617

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0503",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T19:07:53.474913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T19:09:43.485Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "SAP_APPL 618"
            },
            {
              "status": "affected",
              "version": "S4CORE 102"
            },
            {
              "status": "affected",
              "version": "103"
            },
            {
              "status": "affected",
              "version": "104"
            },
            {
              "status": "affected",
              "version": "105"
            },
            {
              "status": "affected",
              "version": "106"
            },
            {
              "status": "affected",
              "version": "107"
            },
            {
              "status": "affected",
              "version": "108"
            },
            {
              "status": "affected",
              "version": "109"
            },
            {
              "status": "affected",
              "version": "EA-APPL 605"
            },
            {
              "status": "affected",
              "version": "606"
            },
            {
              "status": "affected",
              "version": "617"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDue to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.\u003c/p\u003e"
            }
          ],
          "value": "Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T01:14:20.823Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3681523"
        },
        {
          "url": "https://url.sap/sapsecuritypatchday"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization check in in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2026-0503",
    "datePublished": "2026-01-13T01:14:20.823Z",
    "dateReserved": "2025-12-09T22:06:43.804Z",
    "dateUpdated": "2026-01-13T19:09:43.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0503\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-13T19:07:53.474913Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-13T19:09:40.767Z\"}}], \"cna\": {\"title\": \"Missing Authorization check in in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)\", \"versions\": [{\"status\": \"affected\", \"version\": \"SAP_APPL 618\"}, {\"status\": \"affected\", \"version\": \"S4CORE 102\"}, {\"status\": \"affected\", \"version\": \"103\"}, {\"status\": \"affected\", \"version\": \"104\"}, {\"status\": \"affected\", \"version\": \"105\"}, {\"status\": \"affected\", \"version\": \"106\"}, {\"status\": \"affected\", \"version\": \"107\"}, {\"status\": \"affected\", \"version\": \"108\"}, {\"status\": \"affected\", \"version\": \"109\"}, {\"status\": \"affected\", \"version\": \"EA-APPL 605\"}, {\"status\": \"affected\", \"version\": \"606\"}, {\"status\": \"affected\", \"version\": \"617\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3681523\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDue to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2026-01-13T01:14:20.823Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-0503\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-13T19:09:43.485Z\", \"dateReserved\": \"2025-12-09T22:06:43.804Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2026-01-13T01:14:20.823Z\", \"assignerShortName\": \"sap\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0034

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SAP	Application Server for ABAP and NetWeaver RFCSDK	Landscape Transformation versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752 et 2020 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité
SAP	ERP Central Component and S/4HANA	ERP Central Component and S/4HANA (EHS Management) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 605, 606 et 617 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server ABAP et ABAP Platform	NetWeaver Application Server ABAP et ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	HANA database version HDB 2.00 sans le dernier correctif de sécurité
SAP	NetWeaver Enterprise Portal	NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de sécurité
SAP	Fiori App	Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité
SAP	S/4HANA	S/4HANA (Private Cloud and On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité
SAP	Business Server Pages Application	Business Server Pages Application (Product Designer Web UI) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606 et 617 sans le dernier correctif de sécurité
SAP	Business Connector	Business Connector version SAP BC 4.8 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	NetWeaver Application Server ABAP et ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Business Server Pages Application (Product Designer Web UI) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606 et 617 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	NW AS Java UME User Mapping versions ENGINEAPI 7.50, SERVERCORE 7.50 et UMEADMIN 7.50 sans le dernier correctif de sécurité
SAP	Supplier Relationship Management	Supplier Relationship Management (SICF Handler in SRM Catalog) versions SRM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Application Server for ABAP and NetWeaver RFCSDK versions KRNL64UC 7.53, NWRFCSDK 7.50, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	S/4HANA Private Cloud and On-Premise (Financials General Ledger) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité
SAP	S/4HANA Private Cloud and On-Premise	S/4HANA Private Cloud and On-Premise (Financials General Ledger) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	S/4HANA (Private Cloud and On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité
SAP	Fiori App	Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107, 108, 109 et UIS4H 109 sans le dernier correctif de sécurité
SAP	Wily Introscope Enterprise Manager	Wily Introscope Enterprise Manager (WorkStation) version WILY_INTRO_ENTERPRISE 10.8 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	ERP Central Component and S/4HANA (EHS Management) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 605, 606 et 617 sans le dernier correctif de sécurité
SAP	NetWeaver Enterprise Portal	NW AS Java UME User Mapping versions ENGINEAPI 7.50, SERVERCORE 7.50 et UMEADMIN 7.50 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Supplier Relationship Management (SICF Handler in SRM Catalog) versions SRM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Identity Management versions IDM_CLM_REST_API 8.0 et IDMIC 8.0 sans le dernier correctif de sécurité
SAP	Identity Management	Identity Management versions IDM_CLM_REST_API 8.0 et IDMIC 8.0 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Wily Introscope Enterprise Manager (WorkStation) version WILY_INTRO_ENTERPRISE 10.8 sans le dernier correctif de sécurité
SAP	HANA database	HANA database version HDB 2.00 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107, 108, 109 et UIS4H 109 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902 et UIS4H 109 sans le dernier correctif de sécurité
SAP	Fiori App	Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902 et UIS4H 109 sans le dernier correctif de sécurité
SAP	Application Server for ABAP and NetWeaver RFCSDK	Business Connector version SAP BC 4.8 sans le dernier correctif de sécurité
SAP	Landscape Transformation	Landscape Transformation versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752 et 2020 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP january-2026

2026-01-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Landscape Transformation versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752 et 2020 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "ERP Central Component and S/4HANA (EHS Management) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 605, 606 et 617 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "ERP Central Component and S/4HANA",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP et ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server ABAP et ABAP Platform",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "HANA database version HDB 2.00 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Enterprise Portal",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Fiori App",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA (Private Cloud and On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S/4HANA",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Server Pages Application (Product Designer Web UI) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606 et 617 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Business Server Pages Application",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Connector version SAP BC 4.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Business Connector",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP et ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Server Pages Application (Product Designer Web UI) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606 et 617 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NW AS Java UME User Mapping versions ENGINEAPI 7.50, SERVERCORE 7.50 et UMEADMIN 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Supplier Relationship Management (SICF Handler in SRM Catalog) versions SRM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Supplier Relationship Management",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Application Server for ABAP and NetWeaver RFCSDK versions KRNL64UC 7.53, NWRFCSDK 7.50, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA Private Cloud and On-Premise (Financials General Ledger) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA Private Cloud and On-Premise (Financials General Ledger) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S/4HANA Private Cloud and On-Premise",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA (Private Cloud and On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107, 108, 109 et UIS4H 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Fiori App",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Wily Introscope Enterprise Manager (WorkStation) version WILY_INTRO_ENTERPRISE 10.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Wily Introscope Enterprise Manager",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "ERP Central Component and S/4HANA (EHS Management) versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 605, 606 et 617 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NW AS Java UME User Mapping versions ENGINEAPI 7.50, SERVERCORE 7.50 et UMEADMIN 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Enterprise Portal",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Supplier Relationship Management (SICF Handler in SRM Catalog) versions SRM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Management versions IDM_CLM_REST_API 8.0 et IDMIC 8.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Management versions IDM_CLM_REST_API 8.0 et IDMIC 8.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Identity Management",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Wily Introscope Enterprise Manager (WorkStation) version WILY_INTRO_ENTERPRISE 10.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "HANA database version HDB 2.00 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "HANA database",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107, 108, 109 et UIS4H 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902 et UIS4H 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori App (Intercompany Balance Reconciliation) versions UIAPFI70 500, 600, 700, 800, 900, 901, 902 et UIS4H 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Fiori App",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Connector version SAP BC 4.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server for ABAP and NetWeaver RFCSDK",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Landscape Transformation versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752 et 2020 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Landscape Transformation",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0507"
    },
    {
      "name": "CVE-2026-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0506"
    },
    {
      "name": "CVE-2026-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0510"
    },
    {
      "name": "CVE-2026-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0500"
    },
    {
      "name": "CVE-2026-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0503"
    },
    {
      "name": "CVE-2026-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0492"
    },
    {
      "name": "CVE-2026-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0498"
    },
    {
      "name": "CVE-2026-0493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0493"
    },
    {
      "name": "CVE-2026-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0514"
    },
    {
      "name": "CVE-2026-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0501"
    },
    {
      "name": "CVE-2026-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0494"
    },
    {
      "name": "CVE-2026-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0497"
    },
    {
      "name": "CVE-2026-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0513"
    },
    {
      "name": "CVE-2026-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0495"
    },
    {
      "name": "CVE-2026-0496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0496"
    },
    {
      "name": "CVE-2026-0491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0491"
    },
    {
      "name": "CVE-2026-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0504"
    },
    {
      "name": "CVE-2026-0499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0499"
    },
    {
      "name": "CVE-2026-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0511"
    }
  ],
  "initial_release_date": "2026-01-14T00:00:00",
  "last_revision_date": "2026-01-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0034",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP january-2026",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-0503 (GCVE-0-2026-0503)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0034

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature