Description
Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-497NVD-CWE-noinfo
Metadata
- Primary Vendor
- SAP
- Published
- 2/24/2026
- Last Modified
- 3/3/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
sap : s\/4hana_uiapfi70sap : s\/4hana_uiapfi70sap : s\/4hana_uiapfi70sap : s\/4hana_uiapfi70sap : s\/4hana_uiapfi70sap : s\/4hana_uiapfi70sap : s\/4hana_uis4h
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.