medium2026-07-14SAP S/4HANACVE-2026-44770
Missing Authorization Check in SAP S/4HANA Single Payment
SAP S/4HANA — Single Payment (Accounts Payable)
Our Take
Missing auth on a payment function is a financial controls concern as much as a security one. SOX environments should treat this as a compliance issue — include in the next planned window and document the remediation.
Vulnerability Detail
Missing authorisation check in the Single Payment functionality of SAP S/4HANA Accounts Payable Fiori app. An authenticated attacker can initiate or view payment transactions beyond their intended authorisation, potentially triggering or viewing financial payments without proper approval.
Patch Action
Apply SAP Note 3713902. Verify affected versions in the official SAP Note.
Patch Info