SAP Fiori App Intercompany Balance Reconciliation Privilege Escalation Vulnerability Allowing Phishing

Vulnerability

A vulnerability in the SAP Fiori App Intercompany Balance Reconciliation has been identified, allowing an attacker with high privileges to send uploaded files to arbitrary email addresses. This capability could be exploited to conduct effective phishing campaigns. The vulnerability has a low impact on the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized phishing attempts, potentially compromising the email recipients.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.

Added: Jan 13, 2026, 2:33 AM
Updated: Jan 13, 2026, 2:33 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 0.0
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.