{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24314", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-01-21T22:15:25.361Z", "datePublished": "2026-02-24T05:23:52.911Z", "dateUpdated": "2026-02-24T16:44:18.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "S/4HANA (Manage Payment Media)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "UIAPFI70 600"}, {"status": "affected", "version": "700"}, {"status": "affected", "version": "800"}, {"status": "affected", "version": "900"}, {"status": "affected", "version": "901"}, {"status": "affected", "version": "902"}, {"status": "affected", "version": "UIS4H 109"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.</p>"}], "value": "Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-24T05:23:52.911Z"}, "references": [{"url": "https://me.sap.com/notes/3646297"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in S/4HANA (Manage Payment Media)", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T16:30:23.530917Z", "id": "CVE-2026-24314", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T16:44:18.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24314", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T16:30:23.530917Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T16:44:11.718Z"}}], "cna": {"title": "Information Disclosure vulnerability in S/4HANA (Manage Payment Media)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "S/4HANA (Manage Payment Media)", "versions": [{"status": "affected", "version": "UIAPFI70 600"}, {"status": "affected", "version": "700"}, {"status": "affected", "version": "800"}, {"status": "affected", "version": "900"}, {"status": "affected", "version": "901"}, {"status": "affected", "version": "902"}, {"status": "affected", "version": "UIS4H 109"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3646297"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.", "supportingMedia": [{"type": "text/html", "value": "<p>Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-24T05:23:52.911Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24314", "state": "PUBLISHED", "dateUpdated": "2026-02-24T16:44:18.533Z", "dateReserved": "2026-01-21T22:15:25.361Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-02-24T05:23:52.911Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:600:*:*:*:*:*:*:*", "matchCriteriaId": "9AB97C06-5D56-470C-8B8F-3C782E1F70C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:700:*:*:*:*:*:*:*", "matchCriteriaId": "509D6CFA-7A14-428C-B878-9C9C1588ED8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:800:*:*:*:*:*:*:*", "matchCriteriaId": "06BDD6A0-C115-427B-876B-4F0C393043DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:900:*:*:*:*:*:*:*", "matchCriteriaId": "2C05B6F2-C6A8-4FEB-917A-AB2FA86B50BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:901:*:*:*:*:*:*:*", "matchCriteriaId": "186D3DCE-2FE0-4EB9-B9DB-EF7B5F0775E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uiapfi70:902:*:*:*:*:*:*:*", "matchCriteriaId": "64DFAF25-C968-40A5-96EA-4B163CA21897", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_uis4h:109:*:*:*:*:*:*:*", "matchCriteriaId": "F1C5F869-886A-4E07-81EB-B9DD4BE08180", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP S/4HANA (Gestionar Medios de Pago) permite a un atacante autenticado acceder a informaci\u00f3n que de otro modo estar\u00eda restringida. Esto podr\u00eda causar un impacto bajo en la confidencialidad de la aplicaci\u00f3n, mientras que la integridad y la disponibilidad no se ven impactadas."}], "id": "CVE-2026-24314", "lastModified": "2026-03-03T00:28:43.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-02-24T06:16:35.270", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3646297"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "cna@sap.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}