Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
SAP S/4HANA Payment Media can expose sensitive data to attackers
CVE-2026-24314
Summary
An attacker with valid login credentials may be able to access restricted information in SAP S/4HANA's Payment Media module, potentially revealing sensitive data. This issue affects confidentiality, but not the integrity or availability of the system. To mitigate this risk, ensure that access controls are properly configured and up-to-date.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sap | s\/4hana_uiapfi70 | 600 | – |
| sap | s\/4hana_uiapfi70 | 700 | – |
| sap | s\/4hana_uiapfi70 | 800 | – |
| sap | s\/4hana_uiapfi70 | 900 | – |
| sap | s\/4hana_uiapfi70 | 901 | – |
| sap | s\/4hana_uiapfi70 | 902 | – |
| sap | s\/4hana_uis4h | 109 | – |
Original title
Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentialit...
Original description
Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.
nvd CVSS3.1
4.3
Vulnerability type
CWE-497
- https://me.sap.com/notes/3646297 Permissions Required
- https://url.sap/sapsecuritypatchday Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026