SAP S/4HANA ABAP Code Injection Vulnerability via RFC

Vulnerability

A vulnerability in SAP S/4HANA allows an attacker with user privileges to inject arbitrary ABAP code into the system through a function module exposed via RFC. Exploiting it bypasses critical authorization checks, effectively creating a backdoor that could lead to a complete system compromise. The vulnerability jeopardizes the system's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in a full system compromise, allowing unauthorized access and control over the SAP S/4HANA system.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For details on the next SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin Archive.

Added: Aug 12, 2025, 3:34 AM
Updated: Aug 12, 2025, 3:34 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 8.3
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.