Financial Consolidation Security Vulnerabilities

CVE-2024-37177

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

CVE-2024-37178

SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can....

CVE-2022-41260

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality...

CVE-2022-41258

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited...

CVE-2022-41208

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity.....

CVE-2022-31595

SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of...

CVE-2022-26104

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system...

CVE-2019-0369

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting...

CVE-2019-0370

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath...

CVE-2018-2499

A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin...

CVE-2018-2444

SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...

CVE-2017-14516

Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note...

CVE-2017-6061

Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP...

CVE-2016-0538

Unspecified vulnerability in the Oracle Financial Consolidation Hub component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Business...