CVE-2026-24314

Summary

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SES/4HANA (Manage Payment Media)UIAPFI70 600affected
SAP_SES/4HANA (Manage Payment Media)700affected
SAP_SES/4HANA (Manage Payment Media)800affected
SAP_SES/4HANA (Manage Payment Media)900affected
SAP_SES/4HANA (Manage Payment Media)901affected
SAP_SES/4HANA (Manage Payment Media)902affected
SAP_SES/4HANA (Manage Payment Media)UIS4H 109affected

Weaknesses

  • CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References