Lucene search

SapCVELIST:CVE-2024-37178

HistoryJun 11, 2024 - 2:00 a.m.

CVE-2024-37178 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

2024-06-1102:00:27

CWE-79

sap

www.cve.org

cve-2024-37178

cross-site scripting

sap financial consolidation

network exposure

application confidentiality

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS

Percentile

9.0%

JSON

SAP Financial Consolidation does not
sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting
(XSS) vulnerability. These endpoints are exposed over the network. The
vulnerability can exploit resources beyond the vulnerable component. On
successful exploitation, an attacker can cause limited impact to
confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Financial Consolidation",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "FINANCE 1010"
      }
    ]
  }
]

References

me.sap.com/notes/3457592

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-37178