SAP Landscape Transformation Arbitrary Code Injection Vulnerability via RFC

A vulnerability in SAP Landscape Transformation allows an attacker with admin privileges to inject arbitrary ABAP code or operating system commands into the system, bypassing crucial authorization checks. This flaw, exposed through a function module via Remote Function Call (RFC), effectively acts as a backdoor, potentially leading to a complete system compromise and undermining the system's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in a full system compromise, allowing unauthorized access and control over the affected system.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Notes can be accessed through the SAP for Me platform, specifically on the SAP Security Patch Day.