Missing caller identification check-in for ODP Data Replication APIs

6.6 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L

Description

The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which could lead to unintended disclosure of data, but does not affect integrity, and poses minimal availability concerns for the application.

Basic Information

ID CVE-2026-44754

Source sap

Published Jun 9, 2026 at 00:21

Affected Product

Vendor SAP_SE

Product ODP Data Replication APIs

Version DW4CORE 200

Affected Versions SAP_SE ODP Data Replication APIs DW4CORE 200
SAP_SE ODP Data Replication APIs 300
SAP_SE ODP Data Replication APIs 400
SAP_SE ODP Data Replication APIs PI_BASIS 2006_1_700
SAP_SE ODP Data Replication APIs 701
SAP_SE ODP Data Replication APIs 702
SAP_SE ODP Data Replication APIs 731
SAP_SE ODP Data Replication APIs 740
SAP_SE ODP Data Replication APIs SAP_BW 750
SAP_SE ODP Data Replication APIs 816

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which could lead to unintended disclosure of data, but does not affect integrity, and poses minimal availability concerns for the application.",
    "published": "2026-06-09T00:21:27.172Z",
    "modified": "2026-06-09T00:21:27.172Z",
    "type": "cve",
    "title": "Missing caller identification check-in for ODP Data Replication APIs",
    "source": "sap",
    "references": "https://me.sap.com/notes/3748819\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-44754",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE ODP Data Replication APIs DW4CORE 200\nSAP_SE ODP Data Replication APIs 300\nSAP_SE ODP Data Replication APIs 400\nSAP_SE ODP Data Replication APIs PI_BASIS 2006_1_700\nSAP_SE ODP Data Replication APIs 701\nSAP_SE ODP Data Replication APIs 702\nSAP_SE ODP Data Replication APIs 731\nSAP_SE ODP Data Replication APIs 740\nSAP_SE ODP Data Replication APIs SAP_BW 750\nSAP_SE ODP Data Replication APIs 816",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ODP Data Replication APIs",
    "version": "DW4CORE 200",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing caller identification check-in for ODP Data Replication APIs_CVE-2026-44754