Skip to main content

SAP CVE-2026-0495

MEDIUM
External Control of System or Configuration Setting (CWE-15)
2026-01-13 cna@sap.com
SAP
5.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 02:15 nvd
MEDIUM 5.1

DescriptionNVD

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.

AnalysisAI

SAP Fiori App Intercompany Balance Reconciliation contains an email redirection flaw that allows high-privileged attackers to redirect uploaded files to arbitrary email addresses, facilitating targeted phishing attacks. The vulnerability requires high privileges and user interaction, resulting in limited confidentiality, integrity, and availability impact. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-0495 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy