6.5

CVE-2026-34264

Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.
Data provided by the National Vulnerability Database (NVD)
SAP Human Capital Management Version s4hcmrxx_100
SAP Human Capital Management Version s4hcmrxx_101
SAP Human Capital Management Version s4hcmrxx_102
SAP Human Capital Management Version sap_hrrxx_600
SAP Human Capital Management Version sap_hrrxx_604
SAP Human Capital Management Version sap_hrrxx_608
No advisory was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.05% | 0.165 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| cna@sap.com | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.