CVE-2026-24314 MEDIUM

CVE-2026-24314: Information Disclosure vulnerability in S/4HANA (Manage Payment Media)

Vendor Sap_Se
Product S/4HANA (Manage Payment Media)
Weakness CWE-497
Published February 24, 2026
Last update February 24, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

Key dates

02Disclosure timeline

February 24, 2026 CVE published
February 24, 2026 Record updated

Related vulnerabilities

04Related CVE