KJ Intelligent Corp.
4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-42957,CVSS:9.9】此漏洞存在於SAP S/4HANA 和 SAP SCM Characteristic Propagation,允許具有使用者權限的攻擊者利用RFC公開功能模組的漏洞,將任意ABAP程式碼注入系統,從而繞過必要的授權檢查。【CVE-2025-42950,CVSS:9.9】該漏洞存在於SAP Landscape Transformation (SLT) ,允許具有使用者權限的攻擊者透過RFC公開功能模組的漏洞,將任意ABAP程式碼注入系統,從而繞過必要的授權檢查。【CVE-2025-42951,CVSS:8.8】SAP Business One(SLD) 存在授權漏洞,允許經過驗證的攻擊者透過呼叫對應的API取得資料庫的管理員權限。◎建議措施:根據官方網站釋出的解決方式進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html2. https://www.cve.org/CVERecord?id=CVE-2025-429573. https://www.cve.org/CVERecord?id=CVE-2025-429504. https://www.cve.org/CVERecord?id=CVE-2025-42951
https://www.kjintelligent.com/en/hot_521174.html
[TWCERT 分享資安情資] SAP針對旗下多款產品發布重大資安公告
2025-08-20
2026-08-20
KJ Intelligent Corp.
4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
https://www.kjintelligent.com/en/hot_521174.html
KJ Intelligent Corp.
4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
https://www.kjintelligent.com/en/hot_521174.html
https://schema.org/EventMovedOnline
https://schema.org/OfflineEventAttendanceMode
2025-08-20
http://schema.org/InStock
TWD
0
https://www.kjintelligent.com/en/hot_521174.html
