Home

Description

SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.

PUBLISHED Reserved 2026-05-07 | Published 2026-07-14 | Updated 2026-07-14 | Assigner sap




MEDIUM: 5.5CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command

Product status

Default status
unaffected

SAP_APPL 600
affected

602
affected

603
affected

604
affected

605
affected

606
affected

617
affected

618
affected

S4CORE 102
affected

103
affected

104
affected

105
affected

106
affected

107
affected

108
affected

CPRXRPM 400
affected

450_700
affected

500_702
affected

610_740
affected

References

me.sap.com/notes/3537373

url.sap/sapsecuritypatchday

cve.org (CVE-2026-44769)

nvd.nist.gov (CVE-2026-44769)

Download JSON