Missing caller identification check-in for ODP Data Replication APIs
CVE-2026-44754

6.6MEDIUM

Key Information:

Vendor

SAP
Status
Odp Data Replication Apis
Vendor
CVE Published:
9 June 2026

What is CVE-2026-44754?

The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which could lead to unintended disclosure of data, but does not affect integrity, and poses minimal availability concerns for the application.

Affected Version(s)

ODP Data Replication APIs DW4CORE 200

ODP Data Replication APIs 300

ODP Data Replication APIs 400

References

https://me.sap.com/notes/3748819
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.