medium2026-07-14SAP S/4HANACVE-2026-44770

Missing Authorization Check in SAP S/4HANA Single Payment

SAP S/4HANA — Single Payment (Accounts Payable)

Our Take

Missing auth on a payment function is a financial controls concern as much as a security one. SOX environments should treat this as a compliance issue — include in the next planned window and document the remediation.

Vulnerability Detail

Missing authorisation check in the Single Payment functionality of SAP S/4HANA Accounts Payable Fiori app. An authenticated attacker can initiate or view payment transactions beyond their intended authorisation, potentially triggering or viewing financial payments without proper approval.

Patch Action

Apply SAP Note 3713902. Verify affected versions in the official SAP Note.

Patch Info

CVSS Score

4.3

SAP Note

3713902

CVE

CVE-2026-44770

Published

2026-07-14

← All patches