CVE-2026-44769
MEDIUM
5.5
CVSS 3.1
Description
SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
Metadata
Severity & Metrics
5.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SAP_SE | SAP S/4HANA Project Management (PPM-PRO) | — | SAP_APPL 600, 602, 603, 604 … |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-89 | cna | CWE-89: Improper Neutralization of Special Elements used in an SQL Command |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L |