Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted.

Basic Information

ID CVE-2026-23683

Source sap

Published Jan 27, 2026 at 00:22

Affected Product

Vendor SAP_SE

Product SAP Fiori App (Intercompany Balance Reconciliation)

Version S4CORE 102

Affected Versions SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) S4CORE 102
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 103
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 104
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 105
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 106

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted.",
    "published": "2026-01-27T00:22:13.153Z",
    "modified": "2026-01-27T00:22:13.153Z",
    "type": "cve",
    "title": "Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3122486\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-23683",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Fiori App (Intercompany Balance Reconciliation) S4CORE 102\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 103\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 104\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 105\nSAP_SE SAP Fiori App (Intercompany Balance Reconciliation) 106",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Fiori App (Intercompany Balance Reconciliation)",
    "version": "S4CORE 102",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)_CVE-2026-23683