CVE-2026-24314
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | S/4HANA (Manage Payment Media) | UIAPFI70 600 | affected |
| SAP_SE | S/4HANA (Manage Payment Media) | 700 | affected |
| SAP_SE | S/4HANA (Manage Payment Media) | 800 | affected |
| SAP_SE | S/4HANA (Manage Payment Media) | 900 | affected |
| SAP_SE | S/4HANA (Manage Payment Media) | 901 | affected |
| SAP_SE | S/4HANA (Manage Payment Media) | 902 | affected |
| SAP_SE | S/4HANA (Manage Payment Media) | UIS4H 109 | affected |
Weaknesses
- CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.