Volerion logoVolerion
Volerion logoVolerion

SAP Human Capital Management for SAP S/4HANA Authorization Check Vulnerability Allowing Sensitive Information Disclosure

Vulnerability

A vulnerability exists in SAP Human Capital Management for SAP S/4HANA during authorization checks, where the system inadvertently reveals specific messages. This flaw enables an authenticated user with low privileges to guess and enumerate information beyond their authorized access, leading to the disclosure of sensitive data and causing a significant breach of confidentiality. However, integrity and availability remain unaffected.

Impact

Exploitation of this vulnerability could result in unauthorized disclosure of sensitive information.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, specifically in the 'Security Notes' section. It is recommended to implement these security corrections as a priority.

Added: Apr 14, 2026, 1:24 AM
Updated: Apr 14, 2026, 1:24 AM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
2.5
exploitability
4.9
remediation
8.3
relevance
5.9
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.