SAP security advisory – January 2026 monthly rollup (AV26-021)

Serial number: AV26-021
Date: January 13, 2026

On January 13, 2026, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

  • Business Server Pages Application (Product Designer Web UI) – versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 600, 602, 603, 604, 605, 606 and 617
  • NW AS Java UME User Mapping – versions ENGINEAPI 7.50, SERVERCORE 7.50 and UMEADMIN 7.50
  • SAP Application Server for ABAP and SAP NetWeaver RFCSDK – versions KRNL64UC 7.53, NWRFCSDK 7.50, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93 and 9.16
  • SAP Business Connector – version SAP BC 4.8
  • SAP ERP Central Component and SAP S/4HANA (SAP EHS Management) – versions SAP_APPL 618, S4CORE 102, 103, 104, 105, 106, 107, 108, 109, EA-APPL 605, 606 and 617
  • SAP Fiori App (Intercompany Balance Reconciliation) – versions UIAPFI70 500, 600, 700, 800, 900, 901, 902 and UIS4H 109
  • SAP Fiori App (Intercompany Balance Reconciliation) – versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107 and 108
  • SAP Fiori App (Intercompany Balance Reconciliation) – versions UIAPFI70 500, 600, 700, 800, 900, 901, 902, S4CORE 102, 103, 104, 105, 106, 107, 108, 109 and UIS4H 109
  • SAP HANA database – version HDB 2.00
  • SAP Identity Management – versions IDM_CLM_REST_API 8.0 and IDMIC 8.0
  • SAP Landscape Transformation – versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752 and 2020
  • SAP NetWeaver Application Server ABAP and ABAP Platform – versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 and SAP_BASIS 816
  • SAP NetWeaver Enterprise Portal – version EP-RUNTIME 7.50
  • SAP S/4HANA (Private Cloud and On-Premise) – versions S4CORE 102, 103, 104, 105, 106, 107, 108 and 109
  • SAP S/4HANA Private Cloud and On-Premise (Financials – General Ledger) – versions S4CORE 102, 103, 104, 105, 106, 107, 108 and 109
  • SAP Supplier Relationship Management (SICF Handler in SRM Catalog) – versions SRM_SERVER 700, 701, 702, 713 and 714
  • SAP Wily Introscope Enterprise Manager (WorkStation) – version WILY_INTRO_ENTERPRISE 10.8

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations, and apply the necessary updates.

Date modified: