CVE-2026-0495

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.

CVSS v3 5.1 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3565506
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La aplicación SAP Fiori Intercompany Balance Reconciliation permite a un atacante con altos privilegios enviar archivos cargados a correos electrónicos arbitrarios, lo que podría facilitar campañas de phishing efectivas. Esto tiene un impacto bajo en la confidencialidad, integridad y disponibilidad de la aplicación.

13 Jan 2026, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 02:15

Updated : 2026-04-15 00:35

NVD link : CVE-2026-0495

Mitre link : CVE-2026-0495

CVE.ORG link : CVE-2026-0495

JSON object : View

Products Affected

No product.

CWE

CWE-15

External Control of System or Configuration Setting

5.1 /10