CVE-2026-0495 | THREATINT

Description

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-13 | Updated 2026-01-13 | Assigner sap

MEDIUM: 5.1CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-15: External Control of System or Configuration Setting

Product status

Default status

unaffected

UIAPFI70 500

affected

600

affected

700

affected

800

affected

900

affected

901

affected

902

affected

S4CORE 102

affected

103

affected

104

affected

105

affected

106

affected

107

affected

108

affected

References

me.sap.com/notes/3565506

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0495)

nvd.nist.gov (CVE-2026-0495)

Download JSON