SAP NetWeaver and ABAP Platform Improper RFC Protocol Validation Vulnerability Leading to Memory Corruption

Vulnerability

A vulnerability exists in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform. The kernel improperly validates the Remote Function Call (RFC) protocol, which allows an unauthenticated attacker to send a crafted RFC request. Exploitation takes advantage of logical errors in memory management and results in memory corruption, which could significantly impact the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to memory corruption, with a high impact on the application's confidentiality, integrity, and availability.

Remediation

Security fixes for this vulnerability will be delivered through SAP Security Notes. The next SAP Security Patch Day is scheduled for June 9, 2026.

Added: Jun 9, 2026, 1:30 AM
Updated: Jun 9, 2026, 1:30 AM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 10.0
exploitability: 6.4
remediation: 5.6
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.