cvedb.io
CVE-2026-34264
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-04-14T01:16:04.200 · Last modified 2026-06-17T10:38:44.760

Summary

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.

Affected products

sap — human_capital_management

Does this affect you?

Add your gear to cvedb and we'll alert you only when sap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.