Search criteria
2 vulnerabilities found for Business One (SLD) by SAP
CERTFR-2026-AVI-0141
Vulnerability from certfr_avis - Published: 2026-02-10 - Updated: 2026-02-10
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | S/4HANA | S/4HANA Defense & Security (Disconnected Operations) versions EA-DFPS 600, 603, 604, 605, 606, 616, 617, 618, 619, 800, 801, 802, 803, 804, 805, 806, 807, 808 et 809 sans le dernier correctif de sécurité | ||
| SAP | Business Objects Business Intelligence Platform | BusinessObjects Business Intelligence Platform (AdminTools) versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | Business Objects Business Intelligence Platform | BusinessObjects BI Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | Business Objects Business Intelligence Platform | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | N/A | Support Tools Plug-In versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver (JMS service) version J2EE-FRMW 7.50 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | ABAP based systems versions ST-PI 2005_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de sécurité | ||
| SAP | N/A | Document Management System versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606 et 617 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver AS ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 804, SAP_BASIS 916, SAP_BASIS 917 et SAP_BASIS 918 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA | CRM et S/4HANA (Scripting Editor) versions S4FND 102, 103, 104, 105, 106, 107, 108, 109, SAP_ABA 700, WEBCUIF 700, 701, 730, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de sécurité | ||
| SAP | Business One (SLD) | Business One (B1 Client Memory Dump Files) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de sécurité | ||
| SAP | N/A | Supply Chain Management versions SCMAPO 713, 714, SCM 700, 701, 702 et 712 sans le dernier correctif de sécurité | ||
| SAP | Fiori App | Fiori App (Manage Service Entry Sheets - Lean Services) versions S4CORE 102, 103, 104, 105, 106 et 107 sans le dernier correctif de sécurité | ||
| SAP | N/A | Business Workflow versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver Application Server ABAP and S/4HANA versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité | ||
| SAP | N/A | Business Server Pages Application (TAF_APPLAUNCHER) versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver and ABAP Platform (Application Server ABAP) versions [KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, 8.04, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 8.04, 9.16, 9.17 et 9.18] sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver Application Server ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18 et 9.19 sans le dernier correctif de sécurité | ||
| SAP | N/A | Solution Tools Plug-In (ST-PI) versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de sécurité | ||
| SAP | N/A | BusinessObjects Enterprise (Central Management Console) versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité | ||
| SAP | N/A | Strategic Enterprise Management (Balanced Scorecard in BSP Application) versions SEM-BW 600, 700, 602, 603, 604, 605, 634, 736, 746, 747, 748 et 800 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12 et 9.14 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver Application Server Java version LMNWABASICAPPS 7.50 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "S/4HANA Defense \u0026 Security (Disconnected Operations) versions EA-DFPS 600, 603, 604, 605, 606, 616, 617, 618, 619, 800, 801, 802, 803, 804, 805, 806, 807, 808 et 809 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform (AdminTools) versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Objects Business Intelligence Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects BI Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Objects Business Intelligence Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Objects Business Intelligence Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Support Tools Plug-In versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver (JMS service) version J2EE-FRMW 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "ABAP based systems versions ST-PI 2005_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Document Management System versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606 et 617 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 804, SAP_BASIS 916, SAP_BASIS 917 et SAP_BASIS 918 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "CRM et S/4HANA (Scripting Editor) versions S4FND 102, 103, 104, 105, 106, 107, 108, 109, SAP_ABA 700, WEBCUIF 700, 701, 730, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business One (B1 Client Memory Dump Files) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business One (SLD)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Supply Chain Management versions SCMAPO 713, 714, SCM 700, 701, 702 et 712 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Fiori App (Manage Service Entry Sheets - Lean Services) versions S4CORE 102, 103, 104, 105, 106 et 107 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Fiori App",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Workflow versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP and S/4HANA versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Server Pages Application (TAF_APPLAUNCHER) versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver and ABAP Platform (Application Server ABAP) versions [KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, 8.04, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 8.04, 9.16, 9.17 et 9.18] sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18 et 9.19 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Solution Tools Plug-In (ST-PI) versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Enterprise (Central Management Console) versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Strategic Enterprise Management (Balanced Scorecard in BSP Application) versions SEM-BW 600, 700, 602, 603, 604, 605, 634, 736, 746, 747, 748 et 800 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.12 et 9.14 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server Java version LMNWABASICAPPS 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23681"
},
{
"name": "CVE-2026-24326",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24326"
},
{
"name": "CVE-2026-24320",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24320"
},
{
"name": "CVE-2026-23688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23688"
},
{
"name": "CVE-2026-24319",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24319"
},
{
"name": "CVE-2026-24321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24321"
},
{
"name": "CVE-2026-0485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0485"
},
{
"name": "CVE-2026-24324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24324"
},
{
"name": "CVE-2026-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0509"
},
{
"name": "CVE-2026-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0508"
},
{
"name": "CVE-2025-12383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12383"
},
{
"name": "CVE-2026-24312",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24312"
},
{
"name": "CVE-2026-0486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0486"
},
{
"name": "CVE-2026-23684",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23684"
},
{
"name": "CVE-2025-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0059"
},
{
"name": "CVE-2026-23689",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23689"
},
{
"name": "CVE-2026-0484",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0484"
},
{
"name": "CVE-2026-24325",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24325"
},
{
"name": "CVE-2026-0488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0488"
},
{
"name": "CVE-2026-0490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0490"
},
{
"name": "CVE-2026-23687",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23687"
},
{
"name": "CVE-2026-24322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24322"
},
{
"name": "CVE-2026-23686",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23686"
},
{
"name": "CVE-2026-23685",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23685"
},
{
"name": "CVE-2026-24323",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24323"
},
{
"name": "CVE-2026-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0505"
},
{
"name": "CVE-2026-24328",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24328"
},
{
"name": "CVE-2026-24327",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24327"
}
],
"initial_release_date": "2026-02-10T00:00:00",
"last_revision_date": "2026-02-10T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0141",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 SAP february-2026",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2026.html"
}
]
}
CERTFR-2025-AVI-0674
Vulnerability from certfr_avis - Published: 2025-08-12 - Updated: 2025-08-12
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | Landscape Transformation | Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 | ||
| SAP | S/4HANA | S/4HANA (Bank Communication Management) Versions SAP_APPL 606, SAP_FIN 617, 618, 720, 730, S4CORE 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP versions KRNL64UC 7.53, KERNEL versions 7.53, 7.54, 7.77, 7.89 et 7.93 | ||
| SAP | Business One (SLD) | Business One (SLD) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver ABAP Platform versions S4CRM 100, 200, 204, 205, 206, S4CEXT 107, 108, 109, BBPCRM 713 et 714 | ||
| SAP | S/4HANA | S/4HANA avec le composant S4CORE versions 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | Cloud Connector | Cloud Connector version SAP_CLOUD_CONNECTOR 2.0 | ||
| SAP | SAP GUI pour Windows | SAP GUI pour Windows version BC-FES-GUI 8.00 | ||
| SAP | NetWeaver ABAP Platform | NetWeaver ABAP Platform versions SAP_BASIS 758, SAP_BASIS 816 et SAP_BASIS 916 | ||
| SAP | Fiori | Fiori (Launchpad) version SAP_UI 754 | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 914 et SAP_BASIS 916 | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | NetWeaver Application Server ABAP et ABAP Platform (Internet Communication Manager) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15 et 9.16 | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP (BIC Document) versions S4COREOP 104, 105, 106, 107, 108, SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747 et 748 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020",
"product": {
"name": "Landscape Transformation",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Bank Communication Management) Versions SAP_APPL 606, SAP_FIN 617, 618, 720, 730, S4CORE 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP versions KRNL64UC 7.53, KERNEL versions 7.53, 7.54, 7.77, 7.89 et 7.93",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business One (SLD) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0",
"product": {
"name": "Business One (SLD)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver ABAP Platform versions S4CRM 100, 200, 204, 205, 206, S4CEXT 107, 108, 109, BBPCRM 713 et 714",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA avec le composant S4CORE versions 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Cloud Connector version SAP_CLOUD_CONNECTOR 2.0",
"product": {
"name": "Cloud Connector",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GUI pour Windows version BC-FES-GUI 8.00",
"product": {
"name": "SAP GUI pour Windows",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver ABAP Platform versions SAP_BASIS 758, SAP_BASIS 816 et SAP_BASIS 916",
"product": {
"name": "NetWeaver ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Fiori (Launchpad) version SAP_UI 754",
"product": {
"name": "Fiori",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 914 et SAP_BASIS 916",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP et ABAP Platform (Internet Communication Manager) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15 et 9.16",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP (BIC Document) versions S4COREOP 104, 105, 106, 107, 108, SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747 et 748",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42943"
},
{
"name": "CVE-2025-42975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42975"
},
{
"name": "CVE-2025-42945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42945"
},
{
"name": "CVE-2025-42950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42950"
},
{
"name": "CVE-2025-42936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42936"
},
{
"name": "CVE-2025-42949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42949"
},
{
"name": "CVE-2025-42946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42946"
},
{
"name": "CVE-2025-42934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42934"
},
{
"name": "CVE-2025-42955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42955"
},
{
"name": "CVE-2025-42935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42935"
},
{
"name": "CVE-2025-42948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42948"
},
{
"name": "CVE-2025-42976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42976"
},
{
"name": "CVE-2025-42957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42957"
},
{
"name": "CVE-2025-42951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42951"
},
{
"name": "CVE-2025-42941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42941"
},
{
"name": "CVE-2025-42942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42942"
}
],
"initial_release_date": "2025-08-12T00:00:00",
"last_revision_date": "2025-08-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0674",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 SAP august-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html"
}
]
}