Back to overview

CVE-2026-44770

MEDIUM
4.3
CVSS 3.1
Description
SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.

Metadata

CVE ID
CVE-2026-44770
State
PUBLISHED
Assigner
sap
Reserved
2026-05-07 18:39 UTC
Published
2026-07-14 00:21 UTC
Last updated
2026-07-14 00:21 UTC
Primary CWE
CWE-862
CWE-862: Missing Authorization
Vendor / Product
SAP_SE / SAP S/4 HANA (Create Single Payment)
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
SAP_SE SAP S/4 HANA (Create Single Payment) S4CORE 102, 103, 104, 105 …
Weakness (CWE)
CWESourceDescription
CWE-862 cna CWE-862: Missing Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Back to overview