Description
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)UIAPFI70 500 – UIAPFI70 500
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)600 – 600
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)700 – 700
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)800 – 800
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)900 – 900
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)901 – 901
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)902 – 902
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)S4CORE 102 – S4CORE 102
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)103 – 103
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)104 – 104
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)105 – 105
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)106 – 106
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)107 – 107
- SAP_SE / SAP Fiori App (Intercompany Balance Reconciliation)108 – 108