CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
9th
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.
| Vendor | sap_se |
| Product | sap human capital management for sap s/4hana |
| Published | Apr 14, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap human capital management for sap s/4hana
Be the first to know when new medium vulnerabilities affecting sap_se sap human capital management for sap s/4hana are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
SAP_SE / SAP Human Capital Management for SAP S/4HANA
S4HCMRXX 100 101 102 SAP_HRRXX 600 604 608