CVE-2026-23683 Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)

🗓️ 27 Jan 2026 00:22:13Reported by sapType

The Systems Applications and Products Fiori Intercompany Balance Reconciliation app lacks authorization checks for authenticated users, enabling privilege escalation.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-23683	27 Jan 202600:22	–	attackerkb
Circl	CVE-2026-23683	27 Jan 202603:42	–	circl
CNNVD	SAP Fiori App Intercompany Balance Reconciliation Security Vulnerability	27 Jan 202600:00	–	cnnvd
CVE	CVE-2026-23683	27 Jan 202600:22	–	cve
EUVD	EUVD-2026-11363	11 Mar 202621:31	–	euvd
EUVD	EUVD-2026-4844	27 Jan 202600:22	–	euvd
NVD	CVE-2026-23683	27 Jan 202601:16	–	nvd
Positive Technologies	PT-2026-4838	27 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-23683	28 Jan 202603:16	–	redhatcve
Vulnrichment	CVE-2026-23683 Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)	27 Jan 202600:22	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Fiori App (Intercompany Balance Reconciliation)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3122486
url	www.url.sap/sapsecuritypatchday

27 Jan 2026 00:22Current

CVSS 3.14.3

EPSS0.00046

CWE-862