Authenticated Info Disclosure in SAP S/4HANA Payment Media
CVE-2026-24314 Published on February 24, 2026
Information Disclosure vulnerability in S/4HANA (Manage Payment Media)
Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.
Vulnerability Analysis
CVE-2026-24314 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2026-24314
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-24314 are published in SAP S4hana:
Affected Versions
SAP_SE S/4HANA (Manage Payment Media):- Version UIAPFI70 600 is affected.
- Version 700 is affected.
- Version 800 is affected.
- Version 900 is affected.
- Version 901 is affected.
- Version 902 is affected.
- Version UIS4H 109 is affected.