Back to overview

CVE-2026-44771

MEDIUM
4.3
CVSS 3.1
Description
SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application.

Metadata

CVE ID
CVE-2026-44771
State
PUBLISHED
Assigner
sap
Reserved
2026-05-07 18:39 UTC
Published
2026-07-14 00:21 UTC
Last updated
2026-07-14 00:21 UTC
Primary CWE
CWE-862
CWE-862: Missing Authorization
Vendor / Product
SAP_SE / SAP S/4HANA (Draft operation)
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
SAP_SE SAP S/4HANA (Draft operation) S4CORE 108
Weakness (CWE)
CWESourceDescription
CWE-862 cna CWE-862: Missing Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Back to overview