CVE-2026-44770 PUBLISHED

Missing Authorization check in SAP S/4 HANA (Create Single Payment)

Assigner: sap
Reserved: 07.05.2026 Published: 14.07.2026 Updated: 14.07.2026

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 4.3

Product Status

Vendor SAP_SE
Product SAP S/4 HANA (Create Single Payment)
Versions Default: unaffected
  • Version S4CORE 102 is affected
  • Version 103 is affected
  • Version 104 is affected
  • Version 105 is affected
  • Version 106 is affected
  • Version 107 is affected
  • Version 108 is affected
  • Version 109 is affected

References

Problem Types