PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44770 SAP_SE CVE debrief

CVE-2026-44770 is a medium severity vulnerability in SAP Create Single Payment. The vulnerability does not perform necessary authorization checks for an authenticated user, allowing a restricted user to access specific entity set keys, resulting in disclosure of information. The impact on confidentiality is low, with no impact on integrity and availability of the application. Affected product deployments should be identified, and owners assigned for follow-up. Official advisories and CVE records should be reviewed to validate affected scope, severity, and vendor guidance.

Vendor
SAP_SE
Product
SAP S/4 HANA (Create Single Payment)
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-14
Advisory published
2026-07-14
Advisory updated
2026-07-14

Who should care

Security teams responsible for SAP systems, particularly those using Create Single Payment, should assess the vulnerability's impact and apply necessary patches. Teams should also review system activity for unusual access patterns and implement additional authorization checks for sensitive operations.

Technical summary

The vulnerability, CVE-2026-44770, exists in SAP Create Single Payment due to insufficient authorization checks for authenticated users. This allows restricted users to access specific entity set keys, potentially leading to information disclosure. The CVSS score for this vulnerability is 4.3, indicating a medium severity level. The vulnerability has a low impact on confidentiality, with no impact on integrity and availability. Affected product context and defensive impact should be considered when assessing this vulnerability.

Defensive priority

Apply patches or mitigations provided by SAP to address the vulnerability in Create Single Payment. Conduct regular security audits and monitor system activity to detect potential exploitation attempts.

Recommended defensive actions

  • Apply SAP patches or mitigations for Create Single Payment
  • Conduct regular security audits of SAP systems
  • Monitor system activity for unusual access patterns
  • Implement additional authorization checks for sensitive operations
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-14T01:16:18.480Z and has not been modified since then. The NVD entry is currently being reviewed. Security teams should verify the affected SAP systems and assess potential exposure. Evidence limits suggest that further details may be required for a comprehensive understanding.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T01:16:18.480Z and has not been modified since then.