CVE-2026-24314

MEDIUM

SAP S/4HANA - Info Disclosure

Title source: llm

Description

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3646297

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.3

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (7)

sap/s\/4hana_uiapfi70 600

sap/s\/4hana_uiapfi70 700

sap/s\/4hana_uiapfi70 800

sap/s\/4hana_uiapfi70 900

sap/s\/4hana_uiapfi70 901

sap/s\/4hana_uiapfi70 902

sap/s\/4hana_uis4h 109

Published Feb 24, 2026

Tracked Since Feb 24, 2026