Skip to main content

Financial Consolidation

6 CVEs product

Monthly

CVE-2022-41260 MEDIUM This Month

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41258 MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-41208 MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-26104 MEDIUM This Month

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Financial Consolidation
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-0370 MEDIUM This Month

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Financial Consolidation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-0369 MEDIUM This Month

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Financial Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Financial Consolidation
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Financial Consolidation
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Financial Consolidation
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Financial Consolidation
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy