Unrated severityNVD Advisory· Published Feb 24, 2026· Updated Feb 24, 2026

Information Disclosure vulnerability in S/4HANA (Manage Payment Media)

CVE-2026-24314

Description

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

Affected products

SAP/S/4HANAllm-create
SAP_SE/S/4HANA (Manage Payment Media)v5
Range: UIAPFI70 600

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3646297mitre
url.sap/sapsecuritypatchdaymitre

News mentions

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
The Hacker News · May 18, 2026
Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
SecurityWeek · May 13, 2026
Microsoft Patches 137 Vulnerabilities
SecurityWeek · May 12, 2026
Adobe Patches 52 Vulnerabilities in 10 Products
SecurityWeek · May 12, 2026
SAP unveils Autonomous Enterprise for AI-driven business operations
Help Net Security · May 12, 2026
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
SecurityWeek · May 12, 2026
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
BleepingComputer · May 12, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000