CVE-2026-44770

Summary

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4 HANA (Create Single Payment)S4CORE 102affected
SAP_SESAP S/4 HANA (Create Single Payment)103affected
SAP_SESAP S/4 HANA (Create Single Payment)104affected
SAP_SESAP S/4 HANA (Create Single Payment)105affected
SAP_SESAP S/4 HANA (Create Single Payment)106affected
SAP_SESAP S/4 HANA (Create Single Payment)107affected
SAP_SESAP S/4 HANA (Create Single Payment)108affected
SAP_SESAP S/4 HANA (Create Single Payment)109affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

References