Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on behalf of an authenticated user causing low impact on integrity of the system. This has no impact on confidentiality and availability.

Basic Information

ID CVE-2026-0493

Source sap

Published Jan 13, 2026 at 01:13

Affected Product

Vendor SAP_SE

Product SAP Fiori App (Intercompany Balance Reconciliation)

Version UIAPFI70 500

Affected Versions SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) UIAPFI70 500
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 600
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 700
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 800
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 900
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 901
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 902
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) S4CORE 102
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 103
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 104
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 105
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 106
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 107
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 108
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 109
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) UIS4H 109

CWE Classification

CWE-352

References

{
    "lastseen": "",
    "description": "Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on behalf of an authenticated user causing low impact on integrity of the system. This has no impact on confidentiality and availability.",
    "published": "2026-01-13T01:13:06.863Z",
    "modified": "2026-01-13T01:13:06.863Z",
    "type": "cve",
    "title": "Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3655229\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-0493",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) UIAPFI70 500\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 600\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 700\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 800\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 900\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 901\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 902\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) S4CORE 102\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 103\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 104\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 105\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 106\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 107\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 108\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 109\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) UIS4H 109",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Fiori App (Intercompany Balance Reconciliation)",
    "version": "UIAPFI70 500",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)_CVE-2026-0493