CVE-2026-44769

Summary

SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA Project Management (PPM-PRO)SAP_APPL 600affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)602affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)603affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)604affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)605affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)606affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)617affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)618affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)S4CORE 102affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)103affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)104affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)105affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)106affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)107affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)108affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)CPRXRPM 400affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)450_700affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)500_702affected
SAP_SESAP S/4HANA Project Management (PPM-PRO)610_740affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command

References