Search
Find a vulnerability
Search criteria
2 vulnerabilities found for SAP S/4HANA Project Management (PPM-PRO) by SAP_SE
CVE-2026-44769 (GCVE-0-2026-44769)
Vulnerability from nvd – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
VLAI
EPSS
VEX
Title
SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)
Summary
SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
Severity
5.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP S/4HANA Project Management (PPM-PRO) |
Affected:
SAP_APPL 600
Affected: 602 Affected: 603 Affected: 604 Affected: 605 Affected: 606 Affected: 617 Affected: 618 Affected: S4CORE 102 Affected: 103 Affected: 104 Affected: 105 Affected: 106 Affected: 107 Affected: 108 Affected: CPRXRPM 400 Affected: 450_700 Affected: 500_702 Affected: 610_740 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S/4HANA Project Management (PPM-PRO)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 600"
},
{
"status": "affected",
"version": "602"
},
{
"status": "affected",
"version": "603"
},
{
"status": "affected",
"version": "604"
},
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "S4CORE 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "CPRXRPM 400"
},
{
"status": "affected",
"version": "450_700"
},
{
"status": "affected",
"version": "500_702"
},
{
"status": "affected",
"version": "610_740"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:21:07.573Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3537373"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2026-44769",
"datePublished": "2026-07-14T00:21:07.573Z",
"dateReserved": "2026-05-07T18:39:44.147Z",
"dateUpdated": "2026-07-14T00:21:07.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44769 (GCVE-0-2026-44769)
Vulnerability from cvelistv5 – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
VLAI
EPSS
VEX
Title
SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)
Summary
SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
Severity
5.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP S/4HANA Project Management (PPM-PRO) |
Affected:
SAP_APPL 600
Affected: 602 Affected: 603 Affected: 604 Affected: 605 Affected: 606 Affected: 617 Affected: 618 Affected: S4CORE 102 Affected: 103 Affected: 104 Affected: 105 Affected: 106 Affected: 107 Affected: 108 Affected: CPRXRPM 400 Affected: 450_700 Affected: 500_702 Affected: 610_740 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S/4HANA Project Management (PPM-PRO)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 600"
},
{
"status": "affected",
"version": "602"
},
{
"status": "affected",
"version": "603"
},
{
"status": "affected",
"version": "604"
},
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "S4CORE 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "CPRXRPM 400"
},
{
"status": "affected",
"version": "450_700"
},
{
"status": "affected",
"version": "500_702"
},
{
"status": "affected",
"version": "610_740"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:21:07.573Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3537373"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2026-44769",
"datePublished": "2026-07-14T00:21:07.573Z",
"dateReserved": "2026-05-07T18:39:44.147Z",
"dateUpdated": "2026-07-14T00:21:07.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}