Inprosec, through services such as its SAP Security Assessment, helps its customers raise the security level of their SAP systems.
June 2026 Notes
Summary and highlights of the month
This month there are 15 notes in total (all of them new; there are no updates to notes from previous months), the same number as in May. Four Hot News notes were published, two more than in the previous period. There are 2 high-priority notes, one more than in May. Medium- and low-priority notes will not be reviewed, so we give details on a total of 6 notes (all those with a CVSS score of 7 or higher).
We will review a total of 6 notes in detail, all of them either high priority or Hot News:
- The most critical note of the month (CVSS 9.9) is a Hot News note and concerns "XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform".
- The second most critical note (CVSS 9.8) is another Hot News note and concerns "Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform".
- The third most critical note (CVSS 9.1) is another Hot News note and concerns "Potential Spring Security vulnerability within SAP Commerce Cloud and SAP Data Hub".
- The fourth most critical note (CVSS 9.0) is the last Hot News note of the month and concerns "Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)".
- The fifth note we review (CVSS 7.4) is high priority and concerns "Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud".
- The last note we review (CVSS 7.1) is high priority and concerns "Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform".
The most prevalent vulnerability type this month was "Missing Authorization check" (3 of the 15 Patch Day notes).
The chart shows the classification of the June notes, together with the evolution and classification over the previous 5 months (Security Patch Day notes only, by SAP):
Full details
The full details of the most relevant notes are as follows:
- XML Signature Wrapping in SAML Authentication in SAP NetWeaver AS ABAP and ABAP Platform (3746332): SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This has a high impact on the confidentiality, integrity and availability of the application. A temporary workaround is available. CVSS v3 Base Score 9.9/10 [CVE-2026-44748]
- Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform (3717897): Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could have a high impact on the confidentiality, integrity and availability of the application. CVSS v3 Base Score 9.8/10 [CVE-2026-27671]
- Potential Spring Security vulnerability within SAP Commerce Cloud and SAP Data Hub (3748262): SAP Commerce Cloud and SAP Data Hub use a version of Spring Security that could be vulnerable to CVE-2026-22732. Under certain conditions Spring Security might not write HTTP response headers, including important security headers, which might lead to a high impact on confidentiality and integrity, with no impact on availability. CVSS v3 Base Score 9.1/10 [CVE-2026-22732]
- Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) (3727078): SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable. CVSS v3 Base Score 9.0/10 [CVE-2026-40128]
- Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud (3747484): This security note addresses multiple known vulnerabilities in Apache Tomcat within SAP Commerce Cloud. SAP Commerce Cloud uses a version of Apache Tomcat that is affected by multiple known vulnerabilities impacting certificate-based authentication and validation mechanisms. These flaws may allow unauthorized access, enable attackers to bypass client certificate enforcement, or allow revoked certificates to be used for authentication. These conditions arise only under specific non-default configurations and have a high impact on the confidentiality and integrity of the application, while availability is not impacted. A temporary workaround is available. CVSS v3 Base Score 7.4/10 [CVE-2026-29145, CVE-2025-66614, CVE-2026-24734]
- Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform (3735546): Application Server ABAP does not perform the necessary authorization checks for an authenticated user, allowing an attacker to execute a report generation command that could overwrite information belonging to another user, resulting in escalation of privileges. This has a high impact on integrity, a low impact on availability and no impact on the confidentiality of the application. CVSS v3 Base Score 7.1/10 [CVE-2026-44751]
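As an added illustration of the XML Signature Wrapping (XSW) class behind note 3746332 (example code written for this summary, not SAP's implementation and not derived from the note), the block below contrasts a naive SAML consumer that reads the first Assertion it finds with a verifier that consumes only the element the Signature actually references. Cryptographic verification of the XML-DSig is assumed to have already succeeded (the signature values are placeholders), because that is exactly the situation XSW exploits: the signed bytes are untouched and only the document structure around them changes. The sample Response documents, the element IDs and the subject names are constructed.

```python
"""Structural anti-XSW checks for a SAML 2.0 Response (constructed example).

Assumption: the XML-DSig over the referenced element has already been verified
cryptographically. XSW attacks pass that step, because the signed element is
left intact; they change *where* it sits and *which* element the consumer reads.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ASSERTION_TAG = "{%s}Assertion" % NS["saml"]

ROOT_OPEN = (
    '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_resp1">'
    % (NS["samlp"], NS["saml"], NS["ds"])
)


def _signed_assertion(assertion_id="_a1", subject="alice"):
    """Genuine, enveloped-signed Assertion (signature value is a placeholder)."""
    return f"""<saml:Assertion ID="{assertion_id}">
      <saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#{assertion_id}"/></ds:SignedInfo>
        <ds:SignatureValue>placeholder</ds:SignatureValue>
      </ds:Signature>
    </saml:Assertion>"""


def _unsigned_assertion(assertion_id, subject="admin"):
    """Attacker-supplied Assertion with no signature at all."""
    return (f'<saml:Assertion ID="{assertion_id}"><saml:Subject>'
            f"<saml:NameID>{subject}</saml:NameID></saml:Subject></saml:Assertion>")


# Constructed sample documents.
GENUINE = f"{ROOT_OPEN}{_signed_assertion()}</samlp:Response>"
# XSW: the untouched signed Assertion is moved into Extensions and an unsigned
# Assertion for "admin" is placed where a naive consumer looks first.
WRAPPED = (f"{ROOT_OPEN}{_unsigned_assertion('_evil')}"
           f"<samlp:Extensions>{_signed_assertion()}</samlp:Extensions></samlp:Response>")
# Variant that reuses the signed ID so that a lookup by ID becomes ambiguous.
DUPLICATE_ID = (f"{ROOT_OPEN}{_unsigned_assertion('_a1')}"
                f"<samlp:Extensions>{_signed_assertion()}</samlp:Extensions></samlp:Response>")


def naive_subject(xml_text):
    """Vulnerable pattern: read the first Assertion, regardless of what was signed."""
    root = ET.fromstring(xml_text)
    assertion = root.find(".//saml:Assertion", NS)
    return assertion.find("saml:Subject/saml:NameID", NS).text


def signed_subject(xml_text):
    """Hardened pattern: consume only the element the (verified) Signature covers."""
    root = ET.fromstring(xml_text)
    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1:
        raise ValueError("expected exactly one Signature")
    sig = signatures[0]
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    if not uri.startswith("#"):
        raise ValueError("only same-document ID references are accepted")
    ref_id = uri[1:]
    # The ID must resolve to exactly one element; duplicate IDs are an XSW staple.
    matches = [e for e in root.iter() if e.get("ID") == ref_id]
    if len(matches) != 1:
        raise ValueError(f"ID {ref_id!r} resolves to {len(matches)} elements")
    signed = matches[0]
    if signed.tag != ASSERTION_TAG:
        raise ValueError("signed element is not an Assertion")
    # Enveloped signature: the Signature must be a direct child of what it signs.
    if sig not in list(signed):
        raise ValueError("Signature is not enveloped in the signed Assertion")
    # The signed Assertion must sit where the protocol puts it: directly under
    # Response, not wrapped inside Extensions or any other element.
    if signed not in list(root):
        raise ValueError("signed Assertion is not a direct child of Response")
    return signed.find("saml:Subject/saml:NameID", NS).text


def is_rejected(xml_text):
    """True when the hardened verifier refuses the document."""
    try:
        signed_subject(xml_text)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name, doc in [("genuine", GENUINE), ("wrapped", WRAPPED), ("duplicate", DUPLICATE_ID)]:
        print(name, "naive ->", naive_subject(doc), "| hardened rejects:", is_rejected(doc))
```

The point of the hardened path is that the identity consumed is derived from the Signature's Reference, never from a separate search over the document; the structural checks (single signature, unique ID, enveloped placement, expected parent) are what closes the gap between "a signature verified" and "this assertion was signed".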
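For the directory traversal class described in note 3727078, the following added example (written for this summary; it is not SAP's Web Container code, and the base directory, parameter values and allowed file types are assumed for illustration) contrasts an include-parameter resolver that trusts the decoded value with one that canonicalizes and enforces containment under the base directory, covering the usual bypasses: `..` segments, single and double URL encoding, backslashes, absolute paths and embedded NUL bytes. Paths are handled lexically so the block runs without touching the disk.

```python
"""Include-parameter resolution: vulnerable vs. hardened (constructed example).

Assumptions: the application serves logon resources from BASE_DIR and takes the
file to include from a request parameter (directory and names are hypothetical).
Paths are handled lexically with posixpath so the example runs offline.
"""
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/webcontainer/logon"          # hypothetical deployment directory
ALLOWED_SUFFIXES = (".jsp", ".html", ".css", ".js")


def vulnerable_resolve(param):
    """Decodes once and joins; an absolute or '..' value escapes BASE_DIR."""
    return posixpath.normpath(posixpath.join(BASE_DIR, unquote(param)))


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so '%252e%252e' is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("parameter is encoded more than %d times" % rounds)


def safe_resolve(param):
    """Canonicalize, then refuse anything that does not stay inside BASE_DIR."""
    decoded = fully_decode(param)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Treat backslashes as separators too; Windows-style traversal is common.
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/"):
        raise ValueError("absolute path not allowed")
    if any(part == ".." for part in decoded.split("/")):
        raise ValueError("parent-directory segment not allowed")
    if not decoded.lower().endswith(ALLOWED_SUFFIXES):
        raise ValueError("file type not allowed")
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    # Defence in depth: containment check even after the segment filter.
    if not resolved.startswith(BASE_DIR + "/"):
        raise ValueError("resolved path escapes base directory")
    return resolved


def is_blocked(param):
    """True when the hardened resolver refuses the parameter."""
    try:
        safe_resolve(param)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    samples = ["pages/logon.jsp", "..%2F..%2F..%2Fetc%2Fpasswd",
               "%252e%252e/%252e%252e/etc/passwd", "..\\..\\etc\\passwd",
               "/etc/passwd", "pages/logon.jsp%00.txt"]
    for p in samples:
        print(p, "->", vulnerable_resolve(p), "| hardened rejects:", is_blocked(p))
```

Note that the vulnerable resolver is not merely careless about `..`: `posixpath.join` discards the base entirely when the parameter is absolute, which is why an allow-list of file types plus a post-normalization containment check is used rather than a deny-list of bad characters.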
Reference links
References from SAP and Onapsis:
Affected resources
The full list of affected systems/components is as follows:
- SAP NetWeaver AS ABAP and ABAP Platform (SAML Authentication): SAP_BASIS 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 804, 816, 918, 919
- SAP NetWeaver AS ABAP and ABAP Platform (Memory Corruption): KRNL64NUC 7.22, 7.22EXT; KRNL64UC 7.22, 7.22EXT, 7.53; KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19
- SAP Commerce Cloud and SAP Data Hub: HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211, 2211-JDK21, DHUB_CLOUD 2211
- SAP NetWeaver Application Server Java (Web Container): ENGINEAPI 7.50
- SAP Commerce Cloud (Apache Tomcat): HY_COM 2205, COM_CLOUD 2211, 2211-JDK21
- SAP NetWeaver AS ABAP and ABAP Platform (Missing Authorization): SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 816