VYPR
Medium severity6.5NVD Advisory· Published Apr 14, 2026· Updated May 4, 2026

CVE-2026-34264

CVE-2026-34264

Description

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:sap:human_capital_management:s4hcmrxx_100:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:sap:human_capital_management:s4hcmrxx_100:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:human_capital_management:s4hcmrxx_101:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:human_capital_management:s4hcmrxx_102:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:human_capital_management:sap_hrrxx_600:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:human_capital_management:sap_hrrxx_604:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:human_capital_management:sap_hrrxx_608:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.