MEDIUM✓ PATCH🇬🇧 English

CVE-2026-34264

CVSS 6.5v3.1pub. 2026-04-14upd. 2026-05-04

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Sap Human Capital Management

    APP
    Sap
    s4hcmrxx_100s4hcmrxx_101s4hcmrxx_102sap_hrrxx_600sap_hrrxx_604sap_hrrxx_608
  • Sap S\/4hana

    APP
    Sap
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-0488CRITICAL9.9PL ✓ten sam produkt

SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL

CVE-2022-22531HIGH8.1ten sam produkt

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...

CVE-2022-22530HIGH8.1ten sam produkt

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...

CVE-2021-38176HIGH8.8ten sam produkt

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call N...

CVE-2026-27679MEDIUM6.5ten sam produkt

Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), a...

CVE-2026-34264 — MEDIUM 6.5 | CVEbaza.pl