CVE-2026-24314

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3646297	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:s\/4hana_uiapfi70:600:::::::*
	cpe:2.3:a:sap:s\/4hana_uiapfi70:700:::::::*
	cpe:2.3:a:sap:s\/4hana_uiapfi70:800:::::::*
	cpe:2.3:a:sap:s\/4hana_uiapfi70:900:::::::*
	cpe:2.3:a:sap:s\/4hana_uiapfi70:901:::::::*
	cpe:2.3:a:sap:s\/4hana_uiapfi70:902:::::::*
	cpe:2.3:a:sap:s\/4hana_uis4h:109:::::::*

History

No history.

Information

Published : 2026-02-24 06:16

Updated : 2026-03-03 00:28

NVD link : CVE-2026-24314

Mitre link : CVE-2026-24314

CVE.ORG link : CVE-2026-24314

JSON object : View

Products Affected

sap

s\/4hana_uis4h
s\/4hana_uiapfi70

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

NVD-CWE-noinfo

{"id": "CVE-2026-24314", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-02-24T06:16:35.270", "references": [{"url": "https://me.sap.com/notes/3646297", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-497"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP S/4HANA (Gestionar Medios de Pago) permite a un atacante autenticado acceder a informaci\u00f3n que de otro modo estar\u00eda restringida. Esto podr\u00eda causar un impacto bajo en la confidencialidad de la aplicaci\u00f3n, mientras que la integridad y la disponibilidad no se ven impactadas."}], "lastModified": "2026-03-03T00:28:43.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:600:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AB97C06-5D56-470C-8B8F-3C782E1F70C4"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "509D6CFA-7A14-428C-B878-9C9C1588ED8F"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06BDD6A0-C115-427B-876B-4F0C393043DE"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:900:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C05B6F2-C6A8-4FEB-917A-AB2FA86B50BD"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:901:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186D3DCE-2FE0-4EB9-B9DB-EF7B5F0775E5"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:902:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64DFAF25-C968-40A5-96EA-4B163CA21897"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uis4h:109:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1C5F869-886A-4E07-81EB-B9DD4BE08180"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}