medium2026-07-14SAP S/4HANACVE-2026-44771

Missing Authorization Check in SAP S/4HANA Draft Operations

SAP S/4HANA — Draft Operations (Cash and Liquidity Management)

Our Take

Draft documents in Cash and Liquidity Management feed cash flow reporting and payment proposals. Unauthorised modification of drafts has audit and financial control implications. Planned window.

Vulnerability Detail

Missing authorisation check in the Draft Operations functionality within the Cash and Liquidity Management component of SAP S/4HANA. An authenticated user can access or modify draft financial documents beyond their intended authorisation scope.

Patch Action

Apply SAP Note 3515598. Verify affected versions in the official SAP Note.

Patch Info

CVSS Score

4.3

SAP Note

3515598

CVE

CVE-2026-44771

Published

2026-07-14

← All patches