CVE-2026-44770
MEDIUM
4.3
CVSS 3.1
Description
SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.
Metadata
Severity & Metrics
4.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SAP_SE | SAP S/4 HANA (Create Single Payment) | — | S4CORE 102, 103, 104, 105 … |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-862 | cna | CWE-862: Missing Authorization |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |