Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
SAP HCM for S/4HANA Leaks Sensitive Info with Low Privileges
CVE-2026-34264
Summary
An attacker with limited access to SAP's Human Capital Management system for S/4HANA can accidentally get sensitive information by guessing specific error messages. This could lead to unauthorized access to confidential data. Update your SAP system to fix this issue as soon as possible.
Original title
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate t...
Original description
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.
nvd CVSS3.1
6.5
Vulnerability type
CWE-204
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026