CVE-2026-27671— SAP NetWeaver ABAP Platform 安全漏洞
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 13
| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| SAP_SE | SAP NetWeaver AS ABAP and ABAP Platform | KRNL64NUC 7.22 | affected |
7.22EXT | affected | ||
KRNL64UC 7.22 | affected | ||
722EXT | affected | ||
7.53 | affected | ||
KERNEL 7.22 | affected | ||
7.54 | affected | ||
7.77 | affected | ||
| … +5 more rows | |||
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-27671の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform
ソース: NVD (National Vulnerability Database)
脆弱性説明
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
栈缓冲区溢出
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
SAP NetWeaver ABAP Platform 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
SAP NetWeaver ABAP Platform是德国思爱普(SAP)公司的一个一体化技术平台。 SAP NetWeaver ABAP Platform 存在安全漏洞,该漏洞源于RFC协议验证不当,可能导致未经身份验证的攻击者发送特制RFC请求,利用内存管理逻辑错误导致内存损坏,对应用机密性、完整性和可用性造成高影响。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver AS ABAP and ABAP Platform | KRNL64NUC 7.22 | - |
II. CVE-2026-27671の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-27671のインテリジェンス情報
请登录查看更多情报信息。
CVE-2026-27671 厂商页面 (1)
Same Patch Batch · SAP_SE · 2026-06-09 · 12 CVEs total
| CVE-2026-44748 | 9.9 CRITICAL | XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform |
| CVE-2026-40128 | 9.0 CRITICAL | Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) |
| CVE-2026-44751 | 7.1 HIGH | Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform |
| CVE-2026-44754 | 6.6 MEDIUM | Missing caller identification check-in for ODP Data Replication APIs |
| CVE-2026-44744 | 6.5 MEDIUM | SQL Injection vulnerability in SAP S/4HANA |
| CVE-2026-44746 | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Ser |
| CVE-2026-44757 | 4.7 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager |
| CVE-2026-44750 | 4.3 MEDIUM | Missing Authorization check in SAP MDG (Review Match Groups Application) |
| CVE-2026-44755 | 4.3 MEDIUM | Email Spoofing vulnerability in SAP Business Objects Business Intelligence Platform |
| CVE-2026-24315 | 4.2 MEDIUM | Path Traversal Vulnerability in SAP Fiori (launchpad) |
| CVE-2026-44743 | 3.7 LOW | Security Misconfiguration vulnerability in SAP Business Objects |
IV. 関連脆弱性
- CVE-2026-44751
Missing Authorization check in Application Server ABAP of SA - CVE-2026-44748
XML Signature Wrapping in SAML Authentication in SAP NetWeav - CVE-2026-23687
XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Pla - CVE-2025-42902
Memory Corruption vulnerability in SAP Netweaver AS ABAP and - CVE-2025-0063
SQL Injection vulnerability in SAP NetWeaver AS for ABAP and
同じベンダー: SAP_SE
- CVE-2026-44757
Cross-Site Scripting (XSS) vulnerability in SAP Wily Introsc - CVE-2026-44755
Email Spoofing vulnerability in SAP Business Objects Busines - CVE-2026-44754
Missing caller identification check-in for ODP Data Replicat - CVE-2026-44751
Missing Authorization check in Application Server ABAP of SA - CVE-2026-44750
Missing Authorization check in SAP MDG (Review Match Groups
同じ弱点: CWE-121
- CVE-2026-48715
radvdump's Route Information Option Parser has a Stack Buffe - CVE-2026-55738
Stack Buffer Overflow in rxi/microtar raw_to_header() via no - CVE-2026-10829
NPort W2150A-W4/W2250A-W4远程代码执行漏洞 - CVE-2026-7273
Zyxel GS1900-48HPv2固件堆栈溢出致命令执行 - CVE-2026-12222
Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToo
V. CVE-2026-27671へのコメント
まだコメントはありません