Home
1
Hot News
2
Information Security
3
[TWCERT 分享資安情資]_SAP針對旗下多款產品發布重大資安公告4
https://www.kjintelligent.com/en/ KJ Intelligent Corp.
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
KJ Intelligent and Cloud Intelligent Operation jointly launch cybersecurity integration solution Defend against cyberattacks and help businesses effectively enhance their cybersecurity capabilities during the digital transformation process. https://www.kjintelligent.com/en/hot_496856.html KJ Intelligent and Cloud Intelligent Operation jointly launch cybersecurity integration solution 2026-07-03 2027-07-03
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_496856.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_496856.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-07-03 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_496856.html


【出處:台灣電腦緊急應變小組 TWCert】

【CVE-2026-40128,CVSS:9.0】
SAP NetWeaver Application Server Java (Web Con
tainer)允許未經身分驗證的攻擊者,透過精心設計HTTP登入請求進而觸發路徑遍歷行為。
【CVE-2
026-27671,CVSS:9.8】
由於SAP NetWeaver AS ABAP and ABAP Platform 所使用的RFC協定驗證不
足,未經身分驗證的攻擊者可透過精心設計的RFC請求,利用記憶體的邏輯錯誤進而損壞。
【CVE-2
026-44748,CVSS:9.9】
SAP NetWeaver AS ABAP and ABAP Platform允許具有普通權限且經身分驗
證的攻擊者取得有效簽署訊息後,對簽署文件內容進行竄改後提交給驗證者。
◎建議措施:
根據官方網站釋出的解決方式進行修補:https://support.sap.com/en/my-support/kn
owledge-base/security-notes-news/june-2026.html
◎相關IOC資訊:
◎備註:
◎參考資料:
1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/
june-2026.html
2. https://www.cve.org/CVERecord?id=CVE-2026-40128
3. https://www.cve.org
/CVERecord?id=CVE-2026-27671
4. https://www.cve.org/CVERecord?id=CVE-2026-44748

Previous Back to List Next