Home

Description

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-13 | Updated 2026-01-13 | Assigner sap




MEDIUM: 6.6CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Problem types

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

UIAPFI70 500
affected

600
affected

700
affected

800
affected

900
affected

901
affected

902
affected

S4CORE 102
affected

103
affected

104
affected

105
affected

106
affected

107
affected

108
affected

References

me.sap.com/notes/3565506

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0496)

nvd.nist.gov (CVE-2026-0496)

Download JSON