Severity by source
AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.
AnalysisAI
SAP Landscape Transformation allows high-privileged remote attackers to inject arbitrary ABAP code and operating system commands through an RFC-exposed function module, resulting in limited integrity impact where attackers cannot control the scope or extent of modifications. The attack requires high privileges, high complexity, and user interaction, reflected in a CVSS 2.0 score; no public exploit code or active exploitation has been identified.
Technical ContextAI
The vulnerability resides in an RFC (Remote Function Call) interface exposed within SAP Landscape Transformation, a critical SAP system administration tool. RFC is SAP's proprietary protocol for synchronous communication between systems. The root cause is improper input validation in a function module (CWE-94: Improper Control of Generation of Code), allowing attackers to break out of intended code boundaries and execute arbitrary ABAP (Advanced Business Application Programming) or OS commands. The RFC exposure means the function is callable from remote systems, but exploitation requires high privilege credentials (PR:H in CVSS vector) and user interaction (UI:R), significantly limiting the threat surface.
RemediationAI
Apply the vendor-released security patch available via SAP Security Patch Day. Detailed patch versions and download locations are provided in SAP Note 3723097 (https://me.sap.com/notes/3723097) and the SAP Security Patch Day portal (https://url.sap/sapsecuritypatchday). As an interim measure, restrict RFC access to the affected function module to only trusted, authorized high-privilege accounts and implement network-level controls to limit RFC communication endpoints. Additionally, enforce strong authentication and audit logging for all RFC calls into Landscape Transformation environments.
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22147
GHSA-rqv3-6h29-j2m3