Financial Consolidation Security Vulnerabilities and Issues — Financial Consolidation CVE List

Lucene search

SapFinancial Consolidation

6 matches found

CVE•added 2022/03/10 5:47 p.m.•99 views

CVE-2022-26104

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.

5.3CVSS5.2AI score0.0017EPSS

CVE•added 2022/11/08 10:15 p.m.•57 views

CVE-2022-41258

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impac...

6.5CVSS6.2AI score0.0011EPSS

CVE•added 2022/11/08 10:15 p.m.•55 views

CVE-2022-41208

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity o...

5.4CVSS5.4AI score0.00235EPSS

CVE•added 2019/10/08 8:15 p.m.•50 views

CVE-2019-0370

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

6.5CVSS6.4AI score0.0034EPSS

CVE•added 2022/11/08 10:15 p.m.•48 views

CVE-2022-41260

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and...

6.1CVSS6.1AI score0.00428EPSS

CVE•added 2019/10/08 8:15 p.m.•32 views

CVE-2019-0369

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.

5.4CVSS5.5AI score0.00343EPSS