Database Query Execution Vulnerability in SAP S/4HANA Project Management
CVE-2026-44769

5.5MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
14 July 2026

What is CVE-2026-44769?

A security vulnerability exists in SAP S/4HANA's Project Management component, allowing attackers with elevated privileges to execute specially crafted database queries. This issue exposes sensitive backend database information, potentially compromising confidentiality. While it does not affect the integrity or availability of the application, it underscores the importance of securing database access and monitoring for unusual activity. For detailed information and mitigation steps, refer to SAP's security notes.

Affected Version(s)

SAP S/4HANA Project Management (PPM-PRO) SAP_APPL 600

SAP S/4HANA Project Management (PPM-PRO) 602

SAP S/4HANA Project Management (PPM-PRO) 603

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.