CVE-2026-0493
CSRF Vulnerability in SAP Fiori Intercompany Balance Reconciliation
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | fiori_app_intercompany_balance_reconciliation | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability has no impact on confidentiality and availability, and only a low impact on integrity. There is no information provided about its effect on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the SAP Fiori App Intercompany Balance Reconciliation. It allows an attacker to perform state-changing actions by sending inappropriate request types that deviate from expected request semantics. Essentially, an attacker can trick an authenticated user into executing unintended actions without their consent.
How can this vulnerability impact me? :
The vulnerability can impact the integrity of the system by allowing attackers to trigger unintended actions on behalf of authenticated users. However, it has no impact on confidentiality or availability, and the overall impact is considered low.