CVE-2026-27675 | THREATINT

Description

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.

PUBLISHED Reserved 2026-02-23 | Published 2026-04-14 | Updated 2026-04-14 | Assigner sap

LOW: 2.0CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

Problem types

CWE-94: Improper Control of Generation of Code

Product status

Default status

unaffected

DMIS 2011_1_700

affected

2011_1_710

affected

2011_1_730

affected

2011_1_731

affected

2011_1_752

affected

2020

affected

S4CORE 102

affected

103

affected

104

affected

105

affected

106

affected

107

affected

108

affected

109

affected

References

me.sap.com/notes/3723097

url.sap/sapsecuritypatchday

cve.org (CVE-2026-27675)

nvd.nist.gov (CVE-2026-27675)

Download JSON