FKIE_CVE-2026-34264

Vulnerability from fkie_nvd - Published: 2026-04-14 01:16 - Updated: 2026-05-04 14:51
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.
References
cna@sap.comhttps://me.sap.com/notes/3680767Permissions Required
cna@sap.comhttps://url.sap/sapsecuritypatchdayPermissions Required
Impacted products
Vendor Product Version
sap human_capital_management s4hcmrxx_100
sap human_capital_management s4hcmrxx_101
sap human_capital_management s4hcmrxx_102
sap human_capital_management sap_hrrxx_600
sap human_capital_management sap_hrrxx_604
sap human_capital_management sap_hrrxx_608
sap s\/4hana -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:human_capital_management:s4hcmrxx_100:*:*:*:*:*:*:*",
              "matchCriteriaId": "5384DC3A-9770-407E-89F1-9FC134B5CF50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:human_capital_management:s4hcmrxx_101:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC80DB20-E930-410F-9972-CA4CF94CA9B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:human_capital_management:s4hcmrxx_102:*:*:*:*:*:*:*",
              "matchCriteriaId": "993CDDD4-73D5-47F5-8017-A47B151F6CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:human_capital_management:sap_hrrxx_600:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD7D918-79F2-44BB-94A4-8950DAF2B4EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:human_capital_management:sap_hrrxx_604:*:*:*:*:*:*:*",
              "matchCriteriaId": "22796CDB-3AAA-4323-8A5B-69C61CC2EF46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:human_capital_management:sap_hrrxx_608:*:*:*:*:*:*:*",
              "matchCriteriaId": "3321A186-7B46-42C7-B4B6-FAB96608BBF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:s\\/4hana:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61225714-D573-435F-9423-7AE6A8ED59BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected."
    }
  ],
  "id": "CVE-2026-34264",
  "lastModified": "2026-05-04T14:51:26.123",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "cna@sap.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-04-14T01:16:04.200",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3680767"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-204"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.