CVE-2026-0493 | THREATINT

Description

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on behalf of an authenticated user causing low impact on integrity of the system. This has no impact on confidentiality and availability.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-13 | Updated 2026-01-13 | Assigner sap

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-352: Cross-Site Request Forgery

Product status

Default status

unaffected

UIAPFI70 500

affected

600

affected

700

affected

800

affected

900

affected

901

affected

902

affected

S4CORE 102

affected

103

affected

104

affected

105

affected

106

affected

107

affected

108

affected

109

affected

UIS4H 109

affected

References

me.sap.com/notes/3655229

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0493)

nvd.nist.gov (CVE-2026-0493)

Download JSON