CVE-2026-0495

MEDIUM

SAP Fiori App - Privilege Escalation

Title source: llm

Description

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3565506

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 5.1

EPSS 0.0004

EPSS Percentile 11.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-15

Status published

Products (14)

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 103

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 104

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 105

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 106

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 107

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 108

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 600

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 700

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 800

SAP_SE/SAP Fiori App (Intercompany Balance Reconciliation) 900

... and 4 more

Published Jan 13, 2026

Tracked Since Feb 18, 2026