CVE-2026-44754
Missing caller identification check-in for ODP Data Replication APIs
CVSS Score
6.6
EPSS Score
0.0%
EPSS Percentile
11th
The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which could lead to unintended disclosure of data, but does not affect integrity, and poses minimal availability concerns for the application.
| Vendor | sap_se |
| Product | odp data replication apis |
| Published | Jun 9, 2026 |
| Last Updated | Jun 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se odp data replication apis
Be the first to know when new medium vulnerabilities affecting sap_se odp data replication apis are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low
Affected Versions
SAP_SE / ODP Data Replication APIs
DW4CORE 200 300 400 PI_BASIS 2006_1_700 701 702 731 740 SAP_BW 750 816