CRITICALβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2026-0498

CVSS 9.1v3.1pub. 2026-01-13upd. 2026-01-22

SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Sap S\/4 Hana

    APP
    Sap
    102103104105106107108109
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-26832HIGH7.6ten sam produkt

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_...

CVE-2020-6188HIGH8.8ten sam produkt

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617,...

CVE-2024-45282MEDIUM4.3ten sam produkt

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be ...

CVE-2024-34691MEDIUM6.5ten sam produkt

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an au...

CVE-2023-41368LOW2.7ten sam produkt

The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an at...

CVE-2026-0498 β€” Sap β€” S\/4 Hana β€” CRITICAL β€” CVSS 9.1 | CVEbaza.pl