CVE-2026-24314

MEDIUM

SAP S/4HANA - Info Disclosure

Title source: llm

Description

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3646297

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-497

Status published

Affected Products (7)

sap/s\/4hana_uiapfi70

sap/s\/4hana_uis4h

Timeline

Published Feb 24, 2026

Tracked Since Feb 24, 2026