Primary

Context

SAP NetWeaver RMI-P4 Module Deserialization Vulnerability Leading to Arbitrary OS Command Execution

Vulnerability

A deserialization vulnerability has been identified in SAP NetWeaver, specifically within the RMI-P4 module. This vulnerability allows an unauthenticated attacker to exploit the system by sending malicious payloads to an open port. The deserialization of these untrusted Java objects could result in arbitrary execution of operating system commands, significantly impacting the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands, allowing an attacker to manipulate the system at a potentially high level.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, particularly during the scheduled SAP Security Patch Days.

Added: Sep 9, 2025, 2:19 AM

Updated: Sep 9, 2025, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

10.0

exploitability

7.4

remediation

8.3

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

10.0

exploitability

7.4

remediation

8.3

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP NetWeaver RMI-P4 Module Deserialization Vulnerability Leading to Arbitrary OS Command Execution

Vulnerability

Impact

Remediation

Affected Products

SAP NetWeaver

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating