CNNVD-202601-2335 Information

CNNVD ID

CNNVD-202601-2335

Related CVE

CVE-2026-0498

• CNNVD Published: 2026-01-13

Description (Chinese)

SAP S/4HANA是德国思爱普（SAP）公司的一个基于 SAP HANA 内存数据库系统的的企业资源管理软件。 SAP S/4HANA存在代码注入漏洞，该漏洞源于攻击者可通过RFC暴露的函数模块注入任意ABAP代码或OS命令，绕过授权检查，可能导致系统完全被破解。

Description (English)

SAP S/4HANA is an enterprise resource management software based on the SAP HANA memory database system of SAP Germany. SAP S/4HANA has a code-infusion loophole, which stems from the fact that the attackers can inject any ABP code or OS command through a function module exposed by the RFC, bypassing authorized inspections, which may lead to a complete breakdown of the system.

Hazard Level

Low

Vulnerability Type

代码注入

Affected Vendor

思爱普

Published

2026-01-13

Last Modified

2026-02-24

References

https://me.sap.com/notes/3694242 https://url.sap/sapsecuritypatchday

Patch

https://url.sap/sapsecuritypatchday