Home

Description

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-24 | Updated 2026-02-24 | Assigner sap




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status
unaffected

UIAPFI70 600
affected

700
affected

800
affected

900
affected

901
affected

902
affected

UIS4H 109
affected

References

me.sap.com/notes/3646297

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24314)

nvd.nist.gov (CVE-2026-24314)

Download JSON