SAP Operational Data Provisioning ODP-RFC Caller Identification Vulnerability
Vulnerability
A vulnerability exists in the Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC). These modules do not properly identify which SAP-internal applications are permitted to call them, so customer or third-party applications can use them in unintended ways. This could result in unauthorized data disclosure; it does not compromise data integrity and has only a minimal impact on application availability.
Impact
The vulnerability could lead to unintended data disclosure.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find a complete list of security updates and patches. For SAP NetWeaver based products, security fixes are delivered with support packages.
