CVE-2026-44754

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

CVE-2026-44754

The CVE-2026-44754 issue affects SAP’s Operational Data Provisioning (ODP) RFC APIs, where RFC modules fail to perform caller identification for allowed SAP-internal applications. This allows customer/third-party applications to use ODP-RFC functionality in ways not aligned with its intended usag...

CVE-2026-27671

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

EUVD-2026-35278

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

CVE-2026-27671

Technical details about CVE-2026-27671 are not publicly available in the provided documents. Monitor for updates from SAP/security advisories.

CVE-2026-27675

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVE-2026-27688

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

EUVD-2026-10459

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

EUVD-2026-10458

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVE-2026-0491

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

CVE-2026-0506

The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...

CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

PT-2026-2340

Name of the Vulnerable Software and Affected Versions Application Server ABAP and ABAP Platform affected versions not specified Description A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form...

PT-2026-2334

Name of the Vulnerable Software and Affected Versions SAP S/4HANA Private Cloud and On-Premise affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC. An attacker with administrative privileges can exploit this to inject...

PT-2026-2327

Name of the Vulnerable Software and Affected Versions SAP Landscape Transformation affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC that allows an attacker with administrative privileges to inject arbitrary ABAP cod...

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. SAP Landscape Transformation suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function modules,...

CVE-2025-23186

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call RFC request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...