Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L
Retaining AV:N and PR:H from vendor vector; C:H reflects database exposure potential, consistent with SQL injection root cause despite prose ambiguity.
Primary rating from Vendor (sap).
CVSS VectorVendor: sap
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
AnalysisAI
SQL injection in SAP S/4HANA Project Management (PPM-PRO) allows a high-privileged authenticated attacker to execute crafted database queries, exposing backend database contents. The vulnerability is reachable over the network but requires both high attack complexity and high privilege level, significantly constraining the realistic attacker pool. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold high privileges within the SAP S/4HANA environment (PR:H per CVSS vector), meaning a standard SAP user role is insufficient - administrator-level or equivalent PPM-PRO access is necessary. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is moderate despite the high confidentiality impact (C:H) in the CVSS vector. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with high-privilege access to the SAP S/4HANA PPM-PRO module - such as a project manager or administrator role - submits a specially crafted input to a project management function that is passed unsanitized into a backend HANA database query. The injected SQL clause extracts data from the HANA database schema, potentially including project financial records, resource data, or other sensitive enterprise data stored in related tables. … |
| Remediation | Apply the patch or correction instructions detailed in SAP Security Note 3537373 (https://me.sap.com/notes/3537373), accessible via SAP One Support Launchpad. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43593
GHSA-9962-7h22-692x