Skip to main content

SAP CVE-2026-0495

MEDIUM
External Control of System or Configuration Setting (CWE-15)
2026-01-13 cna@sap.com
5.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 02:15 nvd
MEDIUM 5.1

DescriptionCVE.org

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.

AnalysisAI

SAP Fiori App Intercompany Balance Reconciliation contains an email redirection flaw that allows high-privileged attackers to redirect uploaded files to arbitrary email addresses, facilitating targeted phishing attacks. The vulnerability requires high privileges and user interaction, resulting in limited confidentiality, integrity, and availability impact. No patch is currently available for this medium-severity issue.

Technical ContextAI

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.

Affected ProductsAI

SAP Fiori App Intercompany Balance Reconciliation

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-0495 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy