CVE-2026-0511
Privilege Escalation in SAP Fiori Intercompany Balance App
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: SAP SE
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | fiori_app_intercompany_balance_reconciliation | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability results in escalation of privileges affecting confidentiality and integrity of the SAP Fiori App Intercompany Balance Reconciliation. This could potentially lead to unauthorized access to sensitive data, which may impact compliance with standards and regulations such as GDPR and HIPAA that require protection of confidential information. However, specific details on compliance impact are not provided in the available resources. [1, 2]
Can you explain this vulnerability to me?
This vulnerability exists in the SAP Fiori App Intercompany Balance Reconciliation, where the application does not perform necessary authorization checks for an authenticated user. This flaw allows an authenticated user to escalate their privileges within the application, potentially gaining higher access than intended.
How can this vulnerability impact me?
The vulnerability can lead to an escalation of privileges, which impacts the confidentiality and integrity of the application. This means unauthorized users could access or modify sensitive data. However, the availability of the application is not affected by this vulnerability.