SAP Landscape Transformation RFC Function Module ABAP Code Injection Vulnerability

A vulnerability exists in SAP Landscape Transformation within an RFC-exposed function module, allowing a high-privileged adversary to inject arbitrary ABAP code and operating system commands. This could lead to unauthorized modifications of information, although the attacker would not have control over the type or extent of these changes. As a result, there is a low impact on integrity, while confidentiality and availability remain unaffected.

Impact

Exploitation of this vulnerability could result in unauthorized injection of ABAP code and operating system commands, potentially leading to unauthorized modifications of information.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, specifically on the SAP Security Patch Day.