Remote Function Call Vulnerability in SAP Operational Data Provisioning API
CVE-2026-44754

6.6MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
9 June 2026

What is CVE-2026-44754?

The Remote Function Call modules within the Operational Data Provisioning Data Replication API are lacking caller identification for SAP-internal applications. As a result, customer and third-party applications may exploit the API in ways not aligned with its intended use. This situation can lead to unintentional data disclosures without compromising the integrity of the application or causing significant availability issues.

Affected Version(s)

ODP Data Replication APIs DW4CORE 200

ODP Data Replication APIs 300

ODP Data Replication APIs 400

References

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.