Back to overview

CVE-2026-44769

MEDIUM
5.5
CVSS 3.1
Description
SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.

Metadata

CVE ID
CVE-2026-44769
State
PUBLISHED
Assigner
sap
Reserved
2026-05-07 18:39 UTC
Published
2026-07-14 00:21 UTC
Last updated
2026-07-14 00:21 UTC
Primary CWE
CWE-89
CWE-89: Improper Neutralization of Special Elements used in …
Vendor / Product
SAP_SE / SAP S/4HANA Project Management (PPM-PRO)
Sources
cve.org  ·  NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L
Affected products (1)
VendorProductPlatformVersions
SAP_SE SAP S/4HANA Project Management (PPM-PRO) SAP_APPL 600, 602, 603, 604 …
Weakness (CWE)
CWESourceDescription
CWE-89 cna CWE-89: Improper Neutralization of Special Elements used in an SQL Command
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.5 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L
Back to overview