CVE-2026-44769 PUBLISHED

SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)

Assigner: sap
Reserved: 07.05.2026 Published: 14.07.2026 Updated: 14.07.2026

SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L
CVSS Score: 5.5

Product Status

Vendor SAP_SE
Product SAP S/4HANA Project Management (PPM-PRO)
Versions Default: unaffected
  • Version SAP_APPL 600 is affected
  • Version 602 is affected
  • Version 603 is affected
  • Version 604 is affected
  • Version 605 is affected
  • Version 606 is affected
  • Version 617 is affected
  • Version 618 is affected
  • Version S4CORE 102 is affected
  • Version 103 is affected
  • Version 104 is affected
  • Version 105 is affected
  • Version 106 is affected
  • Version 107 is affected
  • Version 108 is affected
  • Version CPRXRPM 400 is affected
  • Version 450_700 is affected
  • Version 500_702 is affected
  • Version 610_740 is affected

References

Problem Types