Memory Corruption via RFC Protocol in SAP Kernel (NetWeaver AS ABAP)
SAP NetWeaver and ABAP Platform (SAP Kernel — RFC)
Unauthenticated memory corruption in the SAP Kernel via RFC is as bad as it sounds. RFC is the internal plumbing of every ABAP system — it is not an obscure edge case. Any network-accessible SAP application server is potentially exposed. If RFC is even theoretically reachable from an untrusted network, treat this as P0 and patch before the end of the week.
Vulnerability Detail
Improper validation of the RFC (Remote Function Call) protocol at the SAP Kernel level allows an unauthenticated remote attacker to send a specially crafted RFC request that exploits logical errors in the kernel's memory management. Successful exploitation causes memory corruption, which can lead to complete system compromise — arbitrary code execution, data exfiltration, and denial of service.
Workaround
Block RFC traffic (TCP ports 33NN and 48NN, where NN is the SAP instance number) from untrusted networks at the firewall or network layer until the kernel patch is applied. Do not expose RFC ports directly to the internet.
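As an added example (not part of the advisory and not SAP's own tooling), a small Python check for the workaround above: it derives the gateway ports from instance numbers, flags RFC listeners bound to non-loopback addresses in `ss -tln` output, and emits nftables rules that admit only trusted source ranges. The 33NN/48NN port bases and the sample socket listing are assumptions constructed for the example.

```python
"""SAP RFC gateway port exposure check and nftables rule generator (added
example, not SAP's code). 33NN = sapgw<NN>, 48NN = SNC gateway, NN = instance."""
import ipaddress

RFC_PORT_BASES = (3300, 4800)

def rfc_ports(instance_numbers):
    """Gateway ports for the given instance numbers."""
    ports = set()
    for nn in instance_numbers:
        if not 0 <= nn <= 99:
            raise ValueError(f"instance number out of range: {nn}")
        ports.update(base + nn for base in RFC_PORT_BASES)
    return ports

def exposed_rfc_listeners(ss_output, instance_numbers):
    """Parse `ss -tln` style lines; return (address, port) pairs where an RFC
    gateway port is bound to a non-loopback address, i.e. reachable off-host."""
    rfc = rfc_ports(instance_numbers)
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")  # ss prints IPv6 as [::]:port
        if not port.isdigit() or int(port) not in rfc:
            continue
        if addr in ("*", "") or not ipaddress.ip_address(addr).is_loopback:
            exposed.append((addr, int(port)))
    return exposed

def nft_rules(instance_numbers, trusted_cidrs):
    """nftables rules: accept RFC ports only from trusted CIDRs, drop the rest."""
    port_set = ", ".join(str(p) for p in sorted(rfc_ports(instance_numbers)))
    rules = []
    for cidr in trusted_cidrs:
        ipaddress.ip_network(cidr)  # raises on a malformed network
        rules.append(f"ip saddr {cidr} tcp dport {{ {port_set} }} accept")
    rules.append(f"tcp dport {{ {port_set} }} drop")
    return rules

# Constructed sample of `ss -tln` output for a host running instances 00 and 01.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:3300   0.0.0.0:*
LISTEN 0 128 10.10.0.5:3301 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4800 0.0.0.0:*
LISTEN 0 128 [::]:4801      [::]:*
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
"""
```

Run `exposed_rfc_listeners(SAMPLE_SS, [0, 1])` against real `ss -tln` output to see which gateway ports are reachable beyond the host; the loopback-only 4800 listener is ignored, while 3300, 3301 and 4801 are reported.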
Patch Action
Apply SAP Note 3717897. This is a kernel-level patch — schedule the required system restart.
Affected Versions
Patch Info