CVE-2026-24314 PUBLISHED

Information Disclosure vulnerability in S/4HANA (Manage Payment Media)

Assigner: sap
Reserved: 21.01.2026 Published: 24.02.2026 Updated: 24.02.2026

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	S/4HANA (Manage Payment Media)
Versions	Default: unaffected Version UIAPFI70 600 is affected Version 700 is affected Version 800 is affected Version 900 is affected Version 901 is affected Version 902 is affected Version UIS4H 109 is affected

CVE-2026-24314 PUBLISHED

Information Disclosure vulnerability in S/4HANA (Manage Payment Media)

Metrics

Product Status

References

Problem Types