Sap S 4 Hana Create Single Payment
Monthly
Missing authorization in SAP S/4HANA's Create Single Payment function exposes restricted entity set keys to authenticated but low-privileged users. The flaw (CWE-862) allows a restricted user to query specific payment-related entity sets beyond their intended access scope, resulting in low-impact confidentiality leakage with no effect on data integrity or system availability. No public exploit code exists and this vulnerability is not listed in CISA KEV; EPSS data was not provided, but the CVSS 4.3 medium score and limited impact scope suggest low exploitation urgency.
Missing authorization in SAP S/4HANA's Create Single Payment function exposes restricted entity set keys to authenticated but low-privileged users. The flaw (CWE-862) allows a restricted user to query specific payment-related entity sets beyond their intended access scope, resulting in low-impact confidentiality leakage with no effect on data integrity or system availability. No public exploit code exists and this vulnerability is not listed in CISA KEV; EPSS data was not provided, but the CVSS 4.3 medium score and limited impact scope suggest low exploitation urgency.