medium2026-07-14SAP S/4HANACVE-2026-44771
Missing Authorization Check in SAP S/4HANA Draft Operations
SAP S/4HANA — Draft Operations (Cash and Liquidity Management)
Our Take
Draft documents in Cash and Liquidity Management feed cash flow reporting and payment proposals. Unauthorised modification of drafts has audit and financial control implications. Planned window.
Vulnerability Detail
Missing authorisation check in the Draft Operations functionality within the Cash and Liquidity Management component of SAP S/4HANA. An authenticated user can access or modify draft financial documents beyond their intended authorisation scope.
Patch Action
Apply SAP Note 3515598. Verify affected versions in the official SAP Note.
Patch Info