CVE 6.6 MEDIUM

Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)_CVE-2026-0496

January 12, 2026 invoker category_cve
6.6 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Description

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.

Basic Information

ID CVE-2026-0496
Source sap
Published Jan 13, 2026 at 01:13

Affected Product

Vendor SAP_SE
Product SAP Fiori App (Intercompany Balance Reconciliation)
Version UIAPFI70 500
Affected Versions SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) UIAPFI70 500
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 600
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 700
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 800
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 900
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 901
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 902
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) S4CORE 102
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 103
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 104
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 105
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 106
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 107
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 108

CWE Classification

CWE-434

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.