CVE-2026-24314 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in SE S 4hana

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 89.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE S 4hana SAP S 4hana Uiapfi70 SAP S 4hana Uis4h

Timeline

PublishedFeb 24

Description

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5sap_se/s_4hana7 versions+6

▶NVDsap/s_4hana_uis4h109

▶NVDsap/s_4hana_uiapfi706 versions+5

🔴Vulnerability Details

GHSA

GHSA-3grc-c2rj-3qj5: Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted↗2026-02-24

▶

CVEList

Information Disclosure vulnerability in S/4HANA (Manage Payment Media)↗2026-02-24

▶