Authorization Flaw in SAP Create Single Payment Affects User Data Access
CVE-2026-44770

4.3MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
14 July 2026

What is CVE-2026-44770?

The SAP Create Single Payment application contains a vulnerability due to inadequate authorization checks, allowing authenticated yet restricted users to access specific entity set keys. This can potentially lead to the unauthorized disclosure of sensitive information. While the vulnerability impacts the confidentiality of user data, it does not affect the integrity or availability of the application.

Affected Version(s)

SAP S/4 HANA (Create Single Payment) S4CORE 102

SAP S/4 HANA (Create Single Payment) 103

SAP S/4 HANA (Create Single Payment) 104

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.