CVE-2026-0493

Summary

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on behalf of an authenticated user causing low impact on integrity of the system. This has no impact on confidentiality and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)UIAPFI70 500affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)600affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)700affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)800affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)900affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)901affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)902affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)S4CORE 102affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)103affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)104affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)105affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)106affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)107affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)108affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)109affected
SAP_SESAP Fiori App (Intercompany Balance Reconciliation)UIS4H 109affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References