CVE-2026-24314
MEDIUMSAP S/4HANA Manage Payment Media - Authenticated Exposure of Sensitive System Information
Title source: llmDescription
Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3646297
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
4.3
EPSS
0.0020
EPSS Percentile
9.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-497
Status
published
Products (7)
sap/s\/4hana_uiapfi70
600
sap/s\/4hana_uiapfi70
700
sap/s\/4hana_uiapfi70
800
sap/s\/4hana_uiapfi70
900
sap/s\/4hana_uiapfi70
901
sap/s\/4hana_uiapfi70
902
sap/s\/4hana_uis4h
109
Published
Feb 24, 2026
Tracked Since
Feb 24, 2026