{"id":10337,"date":"2025-11-12T19:39:32","date_gmt":"2025-11-12T12:39:32","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10337"},"modified":"2026-02-03T19:41:25","modified_gmt":"2026-02-03T12:41:25","slug":"canh-bao-bo-doi-lo-hong-10-diem-nghiem-trong-trong-ban-va-thang-11-cua-sap","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/11\/12\/canh-bao-bo-doi-lo-hong-10-diem-nghiem-trong-trong-ban-va-thang-11-cua-sap\/",
"title":{"rendered":"Alert: two maximum-severity (CVSS 10) vulnerabilities in SAP's November patch release"},
"content":{"rendered":"<p data-start=\"127\" data-end=\"522\">SAP has just released a large November security update comprising 18 new patches plus two updates to previously published security notes. Notably, this round includes three vulnerabilities rated critical, two of which carry the maximum CVSS score of 10 and directly affect key SAP products that are widely deployed in enterprise environments.<\/p>\n<p data-start=\"127\" data-end=\"522\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone  wp-image-10338\" src=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Sap-300x167.png\" alt=\"\" width=\"690\" height=\"384\" srcset=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Sap-300x167.png 300w, https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Sap.png 700w\" sizes=\"(max-width: 690px) 100vw, 690px\" \/><\/p>\n<p data-start=\"524\" data-end=\"1020\">The first critical vulnerability, CVE-2025-42890, affects SQL Anywhere Monitor, the database monitoring component built on the Sybase platform. The root cause is authentication credentials hard-coded in the software's source code, which lets an unauthenticated attacker exploit the flaw remotely. If abused, it can lead to arbitrary code execution or unauthorized access to sensitive database systems, severely affecting the confidentiality, integrity and availability of the system.<\/p>\n<p data-start=\"1022\" data-end=\"1568\">The second vulnerability with a CVSS score of 10 is CVE-2025-42944, found in the RMI-P4 module of SAP NetWeaver AS Java. The flaw stems from insecure deserialization, which allows an attacker to send a malicious payload to exposed RMI ports and execute commands remotely on the operating system. SAP states that this is an extended patch following an earlier advisory, reflecting the complexity and danger of the vulnerability. Because NetWeaver AS Java is widely used and sometimes exposed to the Internet, the risk of exploitation is rated very high for systems that are not patched promptly.<\/p>\n<p data-start=\"1570\" data-end=\"1989\">In addition, CVE-2025-42887, with a CVSS score of 9.9, affects SAP Solution Manager version ST 720. The flaw arises from missing input validation during remote function calls, allowing an authenticated attacker to inject and execute malicious code on the system. Successful exploitation could result in full takeover of Solution Manager, a key component in managing an enterprise's SAP infrastructure.<\/p>\n<p data-start=\"1991\" data-end=\"2547\">Beyond the critical flaws, SAP also fixed numerous high- and medium-severity issues in other products such as SAP HANA, SAP NetWeaver, SAP S\/4HANA, SAP Business Connector and SAP GUI for Windows. The broad scope of the November update shows that the SAP ecosystem remains an attractive target for cyberattacks. Deploying the security patches early, especially on critical and Internet-connected systems, is therefore considered an essential measure to reduce risk and protect enterprise infrastructure against increasingly sophisticated threats.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>SAP has just released a large November security update comprising 18 new patches plus two updates to previously published security notes. Notably, this round includes three vulnerabilities rated at the [&hellip;]<\/p>\n","protected":false},
"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10337","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],
"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10337"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10337\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}